|
|
 |
|
|
|
register |
bbs |
search |
rss |
faq |
about
|
|
|
meet up |
add to del.icio.us |
digg it
|
|
|
|
Telecom Bandit's files on Cellular Fraud
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
??? ??? 3-FEB-89
?????????????????????????????????
??? THE DNA BOX ???
?????? Hacking Cellular Phones ??????
??? ??????????????????????????? ???
??? ' ` ' ` ' ` ' ` ' ` ' ` ' ???
? P A R T F O U R ?
? ?
? T H E N U M B E R O F T H E B E A S T ?
???????????????????????????????????????????????????????????????????????????
Preliminary technical info about the AMPS (Advanced Mobile Phone System).
MOBILE TELEPHONE SWITCHING OFFICE (MTSO)
Cell Control Sites (Towers) are connected to the Mobile Telephone Switching
Office (MTSO) by a pair of 9600 baud data lines, one of which is a backup.
The MTSO routes calls, controls and coordinates the cell sites (especially
during handoffs as a mobile phone moves from one cell to another while a
call is in progress), and connects to a Central Office (CO) of the local
telephone company via voice lines.
There is some indication that an MTSO may be re-programmed and otherwise
hacked via standard phone lines using a personal computer/modem.
NUMERIC ASSIGNMENT MODULE (NAM)
There is a PROM chip in every cellular phone that holds the phone number (MIN)
assigned to it. This is the "Numerical Assignment Module" or NAM. Schematics
and block diagrams occasionally call this the "ID PROM". The NAM also
holds the serial number (ESN) of the cellular phone, and the system ID (SID)
of the mobile phone's home system.
By encoding new PROM chips (or re-programming EPROM chips) and swapping them
with the originals, a cellular phone can be made to take on a new identity.
It is possible to make a circuit board with a bank of PROMs that
plugs into the NAM socket, and allows quick switching between several
phone ID's. It's even feasible to emulate the behavior of a PROM with
dual-port RAM chips, which can be instantly updated by a laptop computer.
A photograph of a "BYTEK S1-KX NAM Multiprogrammer" suggests that this
"sophisticated piece of equipment" is merely a relabled generic PROM burner.
==============================================================================
MOBILE IDENTIFICATION NUMBER (MIN)
The published explanations of how to compute this number all contain
deliberate errors, probably for the purpose of thwarting phreaks and people
attempting to change the serial numbers and ID codes of stolen phones.
Even the arithmetic is wrong in some published examples!
Until the FCC/IEEE spec is available (a trip is planned to a university
engineering library) the following is almost certainly the way that MIN is
computed, taking into consideration how such codings are done elsewhere,
comparing notes and tables from a variety of sources, and using common sense.
A BASIC program (MIN.BAS) that computes MINs from phone numbers is being
distributed with this file.
There are two parts to the 34-bit MIN.
They are derived from a cellular phone number as follows:
-------------------------------------------------------------------
MIN2 - a ten bit number representing the area code.
Look up the three digits of area code in the following table:
Phone Digit: 1 2 3 4 5 6 7 8 9 0
Coded Digit: 0 1 2 3 4 5 6 7 8 9
(Or just add 9 to a digit and use the right digit of the result)
Then convert that number to a 10-digit binary number:
For example, for the (213) area code, MIN2 would be 102,
which expressed as a 10-digit binary number would be 0001100110.
Area Code = 213 (get Area Code)
102 (add 9 to each digit modulo 10, or use table)
MIN2 = 0001100110 (convert to binary)
---------------------------------------------------------------------------
MIN1 - a 24 bit number representing the 7-digit phone number.
The first ten bits of MIN1 are computed the same way as MIN2, only
the next 3 digits of the phone number are used.
The middle four bits of MIN1 are simply the fourth digit of the phone number
expressed in binary (Remember; a "0" becomes a "10").
The last next ten bits of MIN1 are encoded using the final three digits of
the phone number in the same way.
So, MIN1 for 376-0111 would be:
(get Phone Number) 376 0 111
(modify digits where appropriate) 265 (10) 000
(convert each part to a binary number) 0100001001 1010 0000000000
---------------------------------------------------------------------------
Thus the complete 34-bit Mobile Identification Number for (213)376-0111 is:
376 0 111 213
________ __ ________ ________
/ \/ \/ \/ \
MIN = 0100001001101000000000000001100110
\______________________/\________/
MIN1 MIN2
----------------------------------------------------------------------------
ELECTRONIC SERVICE NUMBER (ESN)
The serial number for each phone is encoded as a 32 bit binary number.
Available evidence suggests that the ESN is an 8-digit hexadecimal
number, which is encoded directly to binary:
Serial Number = 821A056F
Digits = 8 2 1 A 0 5 6 F
ESN = 0001 0001 0001 1010 0000 0101 0110 1111
Here is a table for converting Hexadecimal to Binary:
Hex Binary Hex Binary Hex Binary Hex Binary
--- ------ --- ------ --- ------ --- ------
0 0000 4 0100 8 1000 C 1100
1 0001 5 0101 9 1001 D 1101
2 0010 6 0110 A 1010 E 1110
3 0011 7 0111 B 1011 F 1111
----------------------------------------------------------------------------
SYSTEM IDENTIFICATION (SID)
A 15 bit binary number representing a mobile phone's home cellular system.
============================================================================
---------------------CELLULAR PHONE FREQUENCIES-----------------------------
Here, again, are the frequency range assignments for Cellular Telephones:
Repeater Input (Phone transmissions) 825.030 - 844.980 Megahertz
Repeater Output (Tower transmissions) 870.030 - 889.980 Megahertz
There are 666 Channels. Phones transmit 45 MHz below the corresponding
Tower channel. The channels are spaced every 30 KHz.
These channels are divided into "Nonwireline" (A) and "Wireline" (B) services.
Nonwireline (A) service uses the 825-835/870-880 frequencies (channels 1-333)
Wireline (B) service uses the 835-845/880-890 frequencies (channels 334-666)
A channel is either dedicated to control signals, or to voice signals.
Digital message streams are sent on both types of channels, however.
There are 21 control channels for each service.
Non-Wireline (A) control channels are located in the frequency ranges
834.39 - 834.99 and 879.39 - 879.99 (channels 312 - 333 )
Wireline (B) control channels are located in the frequency ranges
835.02 - 835.62 and 880.02 - 880.62 (channels 334 - 355)
The new 998 channel systems use 332 additional channels in the ranges
821-825/866-870 and 845-851/890-896.
Cell Control Sites (Towers) are connected to an MTSO (Mobile Telephone
Switching Office) which connects the cellular system to a Central Office (CO)
of a conventional telephone system.
Each Cell Control Site uses a maximum of 16 channels, up to 4 of which
may be control channels. There will always be at least 1 control channel
available in each cell. Cellular Towers are easily identified by the
flat triangular platforms at the top of the mast, with short vertical
antennas at each corner of the platform.
Most UHF Televisions and cable-ready VCR's are capable of monitoring
Cellular Phone channels. Try tuning between UHF TV channels 72 - 76 for
mobile phones, and between UHF TV channels 79 - 83 for towers.
-----------------------------------------------------------------------------
SUPERVISORY AUDIO TONE (SAT)
A mobile phone must be able to recognize and retransmit any of the
three audio frequencies used as SAT's.
These tones (and their binary codes) are:
(00) 5970 Hz
(01) 6000 Hz
(10) 6030 Hz
The SAT is used during signaling, but not during data transmission.
The binary codes are sent during data transmission to control which of the
SAT tones a mobile phone will be using.
Each cell site (or tower) uses only one of the three SATs. The mobile
transmitter returns that same SAT to the tower.
Tone recognition must take place within 250 milliseconds.
SIGNALING TONE (ST)
A 10 KHz tone is used for signaling by mobile phones during alert, handoff,
certain service requests, and diconnect.
DATA TRANSMISSION
Cellular Phones use a data rate of 10 Kilobits per second, and must be
accurate to within one bit per second.
Frequency Modulation (FM) is used for both voice and data transmissions.
Digital data is transmitted as an 8KHz frequency shift of the carrier.
A binary one is transmited as a +8KHz shift and a binary zero as a -8KHz
shift. NRZ (Non-Return to Zero) coding is used, which means that the carrier
is not shifted back to it's center frequency between transmitted binary bits.
???????????????????????????????????????????????????????????????????????????
? The DNA BOX - Striking at the Nucleus of Corporate Communications. ?
? A current project of... ?
Outlaw
Telecommandos
?????????????????
?????????????????
?01-213-376-0111?
|
|
|
To the best of our knowledge, the text on this page may be freely reproduced and distributed.
If you have any questions about this, please check out our Copyright Policy.
totse.com certificate signatures
|
|
|
About | Advertise | Bad Ideas | Community | Contact Us | Copyright Policy | Drugs | Ego | Erotica
FAQ | Fringe | Link to totse.com | Search | Society | Submissions | Technology
|
|
|
|
|
|
|
TSHIRT HELL T-SHIRTS
|
