About
Community
Bad Ideas
Drugs
Ego
Erotica
Fringe
Society
Technology
Phreak
Boxes, Old and New
Bugs and Taps
Cellular Phones
Introduction to Telecommunications
PBX's and Switches
Payphones
Phone Phun
VMB's, Pagers, E-Mail, and S&F Systems
register | bbs | search | rss | faq | about
meet up | add to del.icio.us | digg it

The DNA Box - Hacking cellular phones #3


NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
????? ??? ??? ??? ??? ?? ? ? 1-FEB--89
?? ??????????????????????????????
?????? THE DNA BOX ???
??? ?? Hacking Cellular Phones ??????
??? ???????????????????????????? ???
? ' ` ' ` ' ` ' ` ' ` ' ` ? ???
? P A R T T H R E E ?
???????????????????????????????????????????????????????????????????????????
Previous DNA files discussed the possibility of using Japanese handheld
HAM radios and personal computers, or tape recorders to hack Cellular Phone
codes, and possible uses for investment & business info obtained by
hacking executive and corporate phone calls, and investment info services,
as well as approaches to modifying the Cellular Phones themselves for use as
hacking tools and pirate communication devices.

Here using and modifying UHF-band radio scanners to hack and monitor
Cellular and Mobile telephone systems will be dealt with.

Radio Shack, Uniden, and several other manufacturers make scanners
for use by amateur radio hobbyists. Most of these will intercept mobile
radiotelephone calls without modification by tuning in frequencies in the
156 MHz and 475 MHz regions. Most of these scanners have line-level
audio outputs that can feed a tape recorder or demodulator/tone decoder
chip which can then interface directly to a computer for analyzing codes.
Mobile phones use a tone-pulse dialing protocol that should be simple to decode
and emulate using standard handheld ham radio gear. You can almost count
the dialing beeps without any special equipment. Phone channels are easy to
find: they usually broadcast a standard busy signal or an idle tone
(a fixed audio sine wave) when waiting for the next call. You will also hear
conversations, ringing, and mobile phone operators on these channels.

Here's a partial list of frequencies used by mobile phones:
(frequencies in MHz)

152.51 154.57 152.66 152.69 152.72 152.78 154.54
475.45 475.475 475.55 475.6 475.8 475.825 475.85 475.9 476.05

As you can see, many of the frequencies are spaced 30KHz or 25KHz apart,
so there are probably more channels in the gaps at those intervals.

These frequencies were gathered in a few minutes of casual listening using
an unmodified Radio Shack Pro-2021 scanner in search mode.

SCANNING CELLULAR FREQUENCIES:

Hobby scanners capable of monitoring Cellular Phones are prohibited in the US.
To save money on the production line, many international scanner manufacturers
make only one kind of scanning chip which they use in both US and foreign
models. These chips are capable of scanning in the 800MHz range but this
feature is diabled by grounding certain pins in the US models.
Often restoring Cellular scanning functions is merely a matter of cutting
a circuit trace or removing a single diode from a scanner's printed circuit
board.

For instance, removing diode 513 from a Radio Shack Pro-2004 Scanner will
enable the 870MHz Cellular range. Installing diode 510 will increase the
number of scanning channels from 300 to 400. Installing diode 514 will
increase the scanning rate from 16 to 20 channels per second.
These are located on the printed circuit board labeled PC-3.

The Uniden Bearcat 200/205XLT can be modified for Cellular scanning
by cutting or removing the 10K-ohm resisitor located on the printed circuit
above the letters "DEN" on the microprocessor chip labeled "UNIDEN UC-1147".

The Regency Electronics MX7000 Scanner reportedly scans Cellular Phones
without modification.

An additional scanner rumored to be modifiable is the Realistic Pro-32.

Another source of useful radio gear are "Export Only" manufacturers.
One of these is currently rumored to be offering a handheld cellular phone
that does it's own routing and has an operating radius of 160 kilometers!

CELLULAR PHONE FREQUENCIES:
Here are the frequency range assignments for Cellular Telephones:

Repeater Input (Phone transmissions) 825.03 - 844.98 Megahertz
Repeater Output (Tower transmissions) 870.03 - 889.98 Megahertz

There are 666 Channels. Phones transmit 45 MHz below the corresponding
Tower channel. The channels are spaced every 30 KHz.

CORDLESS PHONE FREQUENCIES:
It's also possible to hack the popular cordless phones. These use the 49MHz
band used by baby monitors and toy FM walkie talkies. Scanners can be used
to monitor these without modification, and FM handheld transceivers will
allow 2-way hacking of these frequencies, which some may find amusing.

Channel Handset Transmit Base Transmit
------- ---------------- -------------
1 49.67 46.61 (frequencies in Megahertz)
2 49.845 46.63
3 49.86 46.67
4 49.77 46.71
5 49.875 46.73
6 49.83 46.77
7 49.89 46.83
8 49.93 46.87
9 49.99 46.93
10 49.97 46.97

Business Update:
As of January 1989 there are legal maneuvers going on to lift the
ban on portable phones by traders at the NY Stock Exchange.

???????????????????????????????????????????????????????????????????????????
? The DNA BOX - Striking at the Nucleus of Corporate Communications. ?
? A current project of... ?

Outlaw
Telecommandos
?????????????????
?????????????????
?01-213-376-0111?
 
To the best of our knowledge, the text on this page may be freely reproduced and distributed.
If you have any questions about this, please check out our Copyright Policy.

 

totse.com certificate signatures
 
 
About | Advertise | Bad Ideas | Community | Contact Us | Copyright Policy | Drugs | Ego | Erotica
FAQ | Fringe | Link to totse.com | Search | Society | Submissions | Technology
Hot Topics
Php
Withstanding an EMP
Good computer destroyer?
Wow, I never thought the navy would be so obvious.
Alternatives Internets to HTTP
Anti-Virus
a way to monitor someones AIM conversation
VERY simple question: browser history
 
Sponsored Links
 
Ads presented by the
AdBrite Ad Network

 

TSHIRT HELL T-SHIRTS