About
Community
Bad Ideas
Drugs
Ego
Erotica
Fringe
Society
Technology
Phreak
Boxes, Old and New
Bugs and Taps
Cellular Phones
Introduction to Telecommunications
PBX's and Switches
Payphones
Phone Phun
VMB's, Pagers, E-Mail, and S&F Systems
register | bbs | search | rss | faq | about
meet up | add to del.icio.us | digg it

Krackmaster's info on phreaking


NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.


///# ///#
///# ///# RACK
///#///#
//////# ////# ////#
///#///# /////# /////# ASTER
///# ///# ///#////#///#
///# ///# ///# //# ///# ///////////#
///# ///# ///# ///# RODUCTION
///# ///# ///# ///#
///# ///# ///////////#
///#
///#
///#



Phreaking Tutorial

by

Krackmaster

9/30/90
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

DISCLAIMER:
I do not condone nor encourage phreaking, hacking, or any other
illegal activities. This is for informational purposes only! Remember
the true hacker's law: Move nothing, change nothing, delete nothing...
learn everything! If you screw around with this you will be busted one day.

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Section I: Loop Arounds
Section II: Wats Extenders
Section III: Miscellaneous Info



Section I: Loop Arounds
!!!!!!!!!!!!!!!!!!!!!!!

(Special Thanks to: The Jabberwock)

What is a loop around? Well, I'll tell you! Loop arounds
(also called cheap loops or test loops) are used by the telco for
legitimate testing. Mostly used by linemen or repairmen while they are
in the manholes. I am also told that while in there, the y have to way
to communicate with other people since they don't have a phone to use.
They all have butt-sets that are used to tap into a block but no one
number they can use to receive calls. But since they have those
butt-sets, this is how they make their call. Besides tapping into a
customer's line, they sometimes will call at a pre-determined time, the
lineman will call one number while the other lineman or telco will call
another number. When this happens, they get connected. The lines they
use are sometimes very bad but nevertheless, it does its job. However,
some lines are very good!
Think of this as two lines floating around in the telco. When
one person dials one side and another person dial the other side...they
get connected! They permit two-way transmissions without far-end
assistance.

telco
phone numbers ----------------
| |
9917 -------------------------- |
| \ |
| / |
9918 -------------------------- |
| |
----------------


You're now thinking, "Big Deal! Why do I need to know this?"
Well, weren't you ever hesitant to leave a number with someone? Or how
about using one side of the loop to accept collect calls? Or maybe
setting up a fake account and need some sort of cal l back number. Or
how 'bout getting an unsupervised loop. This is when one side of the
loop isn't charged. This means that a person can call one side (a
local call) and the other person would dial the unsupervised side. You
and your friend could talk for hours since it is only costing you for
a local call (most of these loops do not give answer supervision so it
would be a free call. These calls go usually undetected but remember,
they can trace it. And if you go through another carrier such as Spri
nt or AT&T, they can trace it too since they would know what the loop
numbers are in most metro areas).
Bet I got your interest now! Well, here's how to find a loop.
There are usually one in every prefix (NXX). You should search for
them at night since linemen do use them during the day. The numbers
are found in either the 00XX side of the NXX or the 9 9XX side. You
should have a friend to help you since this can take a very long time.
I was lucky enough to find some on my first day of searching for this.
When you come across a loop, there will be one of two things
you will hear. Either a somewhat, loud steady tone or dead air. One
set of loops will be found in only one prefix. So don't go looking for
one side of the loop in the 657 prefix and the endi ng loop in the 529
prefix. If you are, stop reading and erase this file because you are
too stupid to continue!
You may come across some numbers that will beep and click at
various intervals. These are also test numbers used by the telco.
They are synchronous type, nonsync type, 101-type, 102-type, etc tests.
The loop around test lines are the 106-type tests.
Loops are for two people only but you might come across some
that has conference calling capabilities (I have never got any line
like this. If this is true, I would like to get those numbers). If it
is a two person loop, the next caller will be queued in when the first
caller hangs up.
Here is a few loops I found in my area:

498-1118/1119
735-1118/1119
529-9900/9906
352-9900/9906
455-9907/9908
836-9907/9908
283-9977/9979
986-9977/9979

As you can see, most of the numbers I found were located in the
99XX area in the prefix. There might be a few in the 00XX but I haven't
come across any yet. If you can get your hands on a Telephone Cross
Directory (a backwards telephone book), it could save you numerous
calls since you'll know if a resident or business has that number.
Usually payphones use the 9XXX numbers (helps operators know if the
person at that phone is calling from a payphone).
One person dials the tone side which is the lower number and
waits. The other person dials the higher number. The high pitch tone
goes away and then the lines get connected. Viola! You can now talk to
each other. Try having another friend call one si de of the loop to
see if it has conference capabilities or having him call from an outer
state or lata area to see if it is billing him.


Section II: Wats Extenders
!!!!!!!!!!!!!!!!!!!!!!!!!!

Wats Extenders (WE) is a way in which companies can benefit
from their existing long distance service the InWats and the OutWats.
Instead of having their salespeople (who travel across the country) use
their own money or have calling cards issued to the m (too expensive),
they thought of an idea to utilize their existing equipment to service
their reps. By having the reps dial their 800 line (InWats), they
would be connected to their PBX system. From there, they would dial
their pin number, usually 4 n umbers (sometimes 5 or 6) from their
touch tone phone then a dial tone would sound indicating that they are
allowed to do so. If the tone is a high-low sound, the pin was
incorrect. But once they had a valid pin, the dial tone would come on
and all they would have to do next is enter in the area code and number
preceded by a 9 or 8. This call would go out of their OutWats.
Presto, the call goes thru and is billed to the company. There may be
some companies which have voice verification but I haven't heard too
much about this.
Now, if you knew their PBX number and the rep's pin number, you
too could make free calls. But once the company recognizes that these
calls are not legit, they will change the pin number. You would then
have to hash out another code. The bad thing with this is that if the
code is unidentified (or invalid), the PBX would hang up on you so then
you would have to dial it again and again and again...
Mr. John Draper (the infamous Cap'n Crunch) used his computer,
Charlie, to find these codes. The bad thing about it was that the
telephone company noticed that someone was dialing the 800 number over
3,000 times all lasting 1 second. So as a warning to you, don't
over-do it. Just do it a little at a time. To find the WE, you need a
lot of luck since the 800 numbers are many! Try searching for the WE
from payphones or university dorms. Each company may have its own call
detail sheet on their bill so they would know who has been calling them
(called 800 Tracking). Another thing you ought to know is that some WE
are accessible locally so you won't have to look only for 800 numbers.
A rep in New York may dial a local number to his company's PBX and t
hen make his outgoing calls. It pays to experiment with phone numbers.
I happened to find a local WE. There was a low sounding (male) voice
that said, "Enter unit number please." You would then enter a
six-digit number, if it was wrong, it would say ". ..Abort", then it
would hang up. I tried for several days. Then when I found the
correct pin, it would give me another dial tone. I just entered 1 +
A/C + number and I got connected.
This type of PBX fraud is found because of the sudden increase
of the inwats volume. Then the inwats drop off while the outwats
increase. Be careful, they are not stupid! You can also go thru one
PBX and call another PBX to find the pin. The calls wi ll orginate
from the first PBX so no need to worry about getting caught. This
technique is called chaining. You could have a chain of several PBXs,
when one company detects some type of fraud and change the number or
pin, you just drop that PBX out of t hat chain or loop.
You may even find some WE by getting through on an FX (Foreign
Exchange). An FX is when a customer has a phone in another city. The
person would pick up his phone and dial a number that originates from
the PBX's location. For example, a PBX is located in Dallas but a
phone is in Reno. The person in Reno dials a Dallas (local) number and
gets charged as if the call originated from Dallas.


Section III: Miscellaneous Info
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

This section contains various information about the telephone
system. If you live in an ESS area, you probably have call waiting.
This allows you to receive a call when you are already on the phone
talking to someone. The good thing about it is that y ou don't have to
worry about missing an important call when you're on the phone. The
bad thing is that you may be listened in on.
To eavesdrop on the unsuspecting person, that person must
already be on the line. When you call, you will sometimes hear a
unique click during the first ring. This indicates that the caller is
on the other line. When you hear this sign, wait until he answers.
When he does answer, click your phone twice. When you click the first
time, your phone will jump to your other line while his phone thinks
you are still on his line. When you click it again, you will drop your
other line and jump back on the pe rson's line. The call is now a
conferenced so if you say something, they can hear you! May not work
in major metropolitan areas since they realized what can be done and
reconfigured the system. You can tell this when you are on the phone
with your frien d and he says wait...I have another call and you didn't
hear a thing.

Dialing 1-700-555-4141 is a recording that will tell you what
your long distance carrier is. It is a free call. Another interesting
thing that you should know is that the 700 numbers are used as an
enhanced call forwarding system. A salesman would be assigned an 700
number. If he was staying in a hotel in Florida, all he would have to
do is program his 700 number to ring at his hotel room. Now, if his
boss needs to get in touch with him, all he has to do is dial his 700
number.
Here's a trick you can try, may still work in your area. Call
1-700-555-4141 with an override number. An override number is only
available in equal access areas. It is designed so that customers can
use any carrier they choose, hence the name. AT&T i s 10288, Sprint is
10333, MCI is 10222, etc. Dial the override and the 700
number...10288-1-700-555-4141, you will hear a recording saying
something to the effect that AT&T is providing you with long distance
service. Now press the pound key for about 2 seconds. On some
companies, you will get dial tone again. It's not yours, it's the
telcos. Try it once and make a call, if it doesn't appear on your bill
then...

Dialing 1-200-XXX-XXXX (don't dial a 1 in the X position) in
some areas is a line identification number. It will tell you what
number you are calling from. This works in Florida and Georgia. You
could also dial a 0-777-XXXX in your area and get the sa me thing too
(777 will not be a valid NXX in that area)...you have to hack the rest.
In California the last 4 digits are usually 1212 or 1515.

On some PBX systems (banks, department stores, colleges, etc)
dialing 9 to get an outside line then 1 + A/C + number will be blocked.
Try replacing the 1 with a 7. In order words, dialing this number 9 +
7 + 415 + 936 + 1111 (San Fran's Weather) just m ight work! Also
dialing a two-digit number, such as 51, can also get you an outside
line if 8 or 9 doesn't work (works on Saturn).

There are phone systems at a condo or fancy apartment building
that will connect you to your friend in the building. When he gets a
call, sometimes with a special ring, he presses a number and lets you
in. Most of these phones can be tricked into diali ng long distance or
locally by using a tone dialer like the ones from Radio Shack. If you
don't have one at hand, try pushing the hang up and releasing 10 times
as fast as you can. When you do this you are actually dialing pulse
and will connect you to an operator (0) who can place the call for
you.
For those of you who don't have a tone dialer (now why wouldn't
a phreak have a tone dialer?), you can make one. You need a few things
first: A push button phone, 2 9volt batteries, 2 9volt battery clips,
an audio transformer (Radio Shack's got it - a 1000ohm to 8ohm for
$1.69; part number 273-1380), and an 8ohm speaker (Radio Shack's got
that one too). Now get the red and white wires from the transformer
and solder them to either sides of the speaker. Next, connect the 2
battery clips so that the re d of one side is connected to the black on
the other. On the red side, connect the orange/black wire from the
keypad together. On the black side, connect the green wire from the
transformer together. The blue wire of the transformer is connected to
the red wire. There should be the black, red/grey, and blue wire from
the keypad and the black wire from the transformer that aren't
connected. Connect the batteries and you got a tone dialer. Find or
make a box and you're all set!

Saturn PBXs have a feature in them that allows you to listen in
on another worker's conversation. This feature is defaulted not to
work so the system adminstrator has to "turn this on." If it is on try
calling an extension. When it's busy (it has to b usy or it won't
work), flash hook or press your tap key. You will hear a dial tone
now. Dial #6 (for silent) or *4 (for tone). Then dial the same
extension you just called. If you did it right and the feature is
enabled, you will be able to hear what is being said. Keep quiet
because they can hear you to.

One trick my friend and I used to do awhile ago was get our
cordless phone and drive around. If we got a dialtone, we would make a
free long distance call. Still works in the right neighborhood.



----- End of File -----
 
To the best of our knowledge, the text on this page may be freely reproduced and distributed.
If you have any questions about this, please check out our Copyright Policy.

 

totse.com certificate signatures
 
 
About | Advertise | Bad Ideas | Community | Contact Us | Copyright Policy | Drugs | Ego | Erotica
FAQ | Fringe | Link to totse.com | Search | Society | Submissions | Technology
Hot Topics
Php
Withstanding an EMP
Good computer destroyer?
Wow, I never thought the navy would be so obvious.
Alternatives Internets to HTTP
Anti-Virus
a way to monitor someones AIM conversation
VERY simple question: browser history
 
Sponsored Links
 
Ads presented by the
AdBrite Ad Network

 

TSHIRT HELL T-SHIRTS