Copy Link
Add to Bookmark
Report
Citronic Journal 02
,--------.
| | __ __
| ,----' |__| ,--. |__|
| | | |_
| | ,--. | | ,--.--. ,-----. ,-----. ,--. ,-----.
| | | | | ,-' | __, | ,-. | | ,-. | | | | ,---'
| `----. | | | | | | | | | | | | | | | | | |
| | | | | +--. | | | `-' | | | | | | | | +---.
`--------' `--' `-----' `--' `-----' `-' `-' `--' `-----'
October '94
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX
XXXXXXXXXXXXXX XX XX XX XX X XX XX XX XXXXXXXX
XXXXXXXXXXXXXX XX XX XX XX XX XXXXX XX XX XXX XX XXXXXXXX
XXXXXXXXXXXXX XX XX XX XX XX XXXXX XX XX XXX XX XXXXXXX
XXXXXX XXX XX XX XXXXX XX XX X XXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Number Two
Citronic Journal is a 'Cyberpunk' Free Zone
Citronic Journal holds the British Standards Kite Mark
iÂr0üi - Citronic - iÂr0üi - Citronic - iÂr0üi - Citronic - iÂr0üi
----> |-|ar|)c0r3 T3cH|\|0pHi11iAcZ <----
+--------------------------Contents-------------------------+
| |
| 1) Messages from Dah Krew |
| 2) Rumourz n' Info |
| 3) Red Boxing - The Canadian Way **** by SparHawk *** |
| 4) JANET <--> Telnet Gatewayz |
| 5) Notes on Beige Boxing |
| 6) Inwardly Boxable UK Chatline **** by SaintHalo *** |
| 7) Prosecution Security |
| 8) Hacking Answering Machines |
| 9) Dah Last Bit |
| |
+-----------------------------------------------------------+
"Switch On - Jack In - Phreak Out"
"The FBI can do nothing in cases of oral-genital intimacy unless it
affects interstate commerce" - J. Edgar Hoover
iÂr0üi - Citronic - iÂr0üi - Citronic - iÂr0üi - Citronic - iÂr0üi
an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi
|)izc1aim3r
~~~~~~~~~~~
If anyone does any of the stuff mentioned in this file there is
a possibility of getting busted and being put in jail forever. If this
happens don't come whining to us 'cos we'll deny everything and act real
innocent. Also any meteorite hits on planet Earth are nothing to do with
us. Everything in here is for informational purposes only and anything
carried out is entirely at your own risk.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Messages from Dah Krew
~~~~~~~~~~~~~~~~~~~~~~
First of all Citronic iz:
HarLeQuin - Dah G0DfaTher
Grim Reefer - Dah N0vEl NeT SurFeR
Pulse - Dah Cellular hItDeWd
Nosferatu - Dah MiDniGhT f0x
SparHawk - Dah Inf0 WhIrlwiNd
SaintHalo - Dah DaTa FlAsHfL00d
CyberSpacePyr8 - Dah RAMrAideR pHr0m hELl
HarLeQuin sayz:
Well here we are again with the second issue of Citronic
Journal. And once more it's time for my bitch-at-the-computer-
underground.
The computer underground is supposedly based on freedom of
information. This is crap. The computer underground, like the rest of the
world is based on money and status. For example, h/p BBS's that only
allow you to connect at 9600bps or above. An excellent example of
information elitism. 9600bps modems can be bought second hand in the UK
for about 50 pounds, which I admit is not particularly expensive.
However, for your average 16 year old phreak/hack this IS expensive,
very expensive. So the BBS's represent freedom of information for rich
boys and girls who get money from their parents. Also all this crap
about 'machine elitism', like 'Amigas are shit, I have a Pentium,
they're eleet' - again bullshit. Since most hacking is done on a
terminal, a 8088 with a mono monitor is sufficient, but of course unless
you've got money - your a lAm3r right ?
Then there is status. How many times have you heard on IRC 'Fuq
0fF s00pErHaq U R lAm3 !' This hypocrisy is exactly what the computer
underground is *supposedly* against. Keeping information to your close
ring of friends, only the people you think are 'eleet'. Hmmmm, isn't
this what Corps and Governments do all the time. Only giving information
to those deemed privilidged enough to have it. If information is for
everyone then regardless of what you think of a particular person, they
have a right to have that information. Then again, if you deny that you
are for 'freedom of information' you are no more than a common thief,
stealing net access, online time, and credit. If you are happy with
doing this, fine. But please, don't spout this bullshit about
'information is for everyone', we know you're talking shit.
I do not like nor condone the 'eleet', this does not mean I do
not respect peoples technical ability. If they are a great hacker or
phreak, this is due to their hardwork, talent and dedication. I respect
this and I am in awe of their ability. However, being banned from BBS's
and IRC channels just because you're not with the 'in' crowd is
hypocrisy we could all do without. In my experience all the great
hackers and phreaks I know (and I do NOT count myself among them) do not
shoot their mouths off, do not slag other people off, and are always
prepared to help the hack or phreak who is a begginer or who does not
understand a particular concept.
For example, on the #hack channel, someone came on and said 'Hey
I've found a way to fake mail from root on my unix net !!!'. The reply
they got was to be kicked and banned. 0K, so its very simple, this does
not mean they are lame, it means they have some learning to do. The
people who think they can prove how 'eleet' they are by shitting on the
newbies are doing nothing except proving they are wankers and stiffling
the future of the underground.
On a lighter note, I have had alot of positive support both for
Citronic and the Citronic Journal. Thanks guyz and galz. We do
appreciate it !
At the moment many of the articles are UK based. This is mainly
because I write nearly all of them. Hopefully the info will still be
useful to ya or if not, an insight into the UK scene. So, if ya want
some articles specific to your either
a) Write one or
b) Get some-one you know to write one.
I would appreciate a wide variety of articles, so get round to writing
them. We'll clean up the grammar/english/whatever. So get tapping.
Although I am happy to keep writing articles my knowledge and
creativeness are not endless, so the journals will either become very
short or very repetative. Anything will be appreciated !
Sadly Pr0d1gY has left us. On a friendly note though, he's been
busted one too many timez and feels he can do without the hassle. Not
that I can blame him. However, we welcome SaintHalo and CyberSpacePyr8
who are both serious h4rDc0rE h/p hItdEwdZ...
I have now joined the ranks of the CyberTrendies and have
aqcuired a cellfone (not connected mind you). A Nokia 101, I have the
access code and can change the NAMs and stuff, but if any1 has any
programming software or programming leads for it... give me a mail !
My Helloz for this issue are as follows:-
BadS - Meeko - Phantasm - AlfiWalf - Mini-Master - Maelstrom - BooYaa
"Dah UK H/P Mafia"
CyntaxEra - cF - Radikahl- Lapse
"International DewdZ - H/P Mafia"
King_Dan - Aladar - Xalopp - Ruede
"Virii Dewdz in Yer Face"
"(and in yer c0de !)"
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Rumourz n' Info
~~~~~~~~~~~~~~~
This is a new and I hope regular feature of the Citronic
Journal. Basically rumours are part and parcel of the computer
underground. 50% are usually true and 50% are usually completly false.
But if we publish all that we hear it'll give you something to work on !
o There is a way to box global from the UK
This is not a rumour. This is actually true. But the people who know are
keeping their mouths shut. The rumours on this subject are as follows :
The breaks are non-standard. It uses R2. It uses CCITT5.
Well, non-standard breaks seem feasable. But I have heard two different
things about the signalling system. I called Yugoslavia direct (Yugo
uses R2) and said "I am a BT engineer etc etc. We have had trouble with
some of our lines have you had anyone phone up and as soon as you
answered have the line go dead on you, possibly after a short tone... ?"
Basically the operator answered, "Yes, we have had lots of 'kids'
phoning up for a joke recently and then putting the phone down". Also I
know of a Mexican guy who uses R2 to box global of Yugoslavia... Hmmmm,
anyone cracking this one gets a big pat on the back from me. I've tried
and am still trying with no bloody luck !
o Most PBX's have a direct dial number that gives you a dial tone
instantly and lets you simply dial an extension without all the 'Welcome
to Super Corp' messages... Also on most of them you can dial 9 (after
getting the direct line) and get an outside line, letting you dial out.
This was told to me by a person who works for a private
telecommunications company and writes software for VMBs/PBXs
o HarLeQuin is stunning in bed and is wanted by women around the world.
Again, this is not rumour, it is 100% true. I swear. Honest :-)
o There is a bug in a version of linux that lets you log in as -froot or
as -fguest and logs you in as root or guest respectively (no passwd
needed). I haven't really tried this much, only on about two systems, so
whether these were patched or not I don't know. I am inclined to think
this is false, but if anyone knows otherwise....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ ReD BoXiNG - @
@ THe CaNaDiaN WaY @
@ BY SPaRHaWK @
@ @
@ Oh yeah... That Canadian guy... @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
y0y0y0! Spar's here with his phreaking tips from up north!
Today's topic boys and girls, is red boxing the welfare way. Since
Hallmark Inc. is too 31337 to produce their digitally recordable
greeting cards in Canada, and I'm basically too lazy and too dangerous
with a soldering iron, and I'm not even going to THINK about handling 3.
xxxxxxxxxxxx crystalz, I do all MY red boxing with a sturdy 5 year old
Sony Walkman.
And if you're from the USofA and you're reading this, the tonez
aren't fer you... I've heard from everybody on #phreak that it doesn't
work there anymore, kiddies! Too bad. If you find out how to do it there
mail me- sparhawk@aladar.pmmf.hu.
Anyway, basically what you need is a walkman, a cassette (the
higher quality the better, although it probably doesn't matter too
much), a tape recorder that you can record the tonez with, a sound card,
and a brain size _slighty_ larger than Stimpy.
The basic theory of red boxing is this: When you drop a quarter
in the slot, on some phones you can hear a tone being made... Its a
series of high pitched beeps. This signals to the Telco that the person
at the phone has just dropped a quarter in. Hence, what a red box does
is produce that tone.
The tone for 5 cents is 3900MHz played for 35 milliseconds. So
if we want a quarter, we make five of those tonez at 35 millisecond
intervals. So what it looks like is this:
BEEP____BEEP____BEEP____BEEP____BEEP
<35><35><35><35><35><35><35><35><35>
But it sounds more like bebebebebe. The human brain receives
this information very fast, so when Zircon and I made it for the first
time, we were going to do it over because we thought we only heard 4
beeps. Trust me, there are five. I will include a TP program to do this
over a PC Speaker at the end of this... Look in Phrack XX for a
REDBOX.EXE for Adlib.
Make sure to record about $7 or $10 worth. Remember that the
more you record the less you have to rewind.
Once we have this on tape, we stroll along to the nearest
payphone and dial 1-902-YOU-WISH. We wait for the operator to come on
saying: Please deposit $2552.46 for the first minute. Then we put the
earphone of the walkman right on the speaker, have the volume up to
full, and press play. We count the quarters until we have enough, and if
the operator says something like "I asked for $4.56 and you deposited $4.
75. Do you want your money back to start over?" just say something like
no, you're in a hurry, just put me through... And then your call should
be put through.
One major drawback of this method that we discovered is that you
have to make the call operator assisted or it doesn't work. The variance
in the walkman is too great to fool the machine. You _can_ do local
calls but you have to dial the operator and say something like the
keypad is a bit sticky, could you please dial the call for me. That's my
line, so try and think of something original. =)
You could probably do one that produces the tonez exactly by
building an actual red box with the crystals and whatever, but I'm too
lazy and non-inclined with a soldering iron to do it. =)
( u 0n #P|-||234/< !!!!!
REDBOX.PAS:
----------------------------Cut-Here-----------------------------------------
uses crt;
var i:integer;
begin
for i:=1 to 5 do begin
sound (3900);
delay (35);
nosound;
delay(35);
end;
end.
----------------------------Cut-Here-----------------------------------------
I haven't tried it yet, but the tonez will brobably work if you
produce them with a PC Speaker because that is what the speaker is made for:
Producing accurate tones. If you try this and it works, mail me at the
address above.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
JANET to telnet gateway
~~~~~~~~~~~~~~~~~~~~~~~
+------+
| NOTE |
+------+
The menu system has been upgraded at this site. However, the bug
has not been fixed, so the same menu options still apply and this bug
will still drop you to a telnet> prompt as of 1.00pm 27th Sept '94.
History and Dialups
-------------------
JANET is an acronym for the Joint Academic NETwork. It was the
original internetesqe network that has been around for many years
linking british 'higher education establishments'. The original JANET
runs at 9600bps (ack) although the introduction of SuperJANET means
massive increases in speed to near Novel data transfer speeds. However,
not all .ac.uk sites have SuperJANET installed...
The advantage of using JANET as opposed to telnet is that after
going through a certain number of JANET gateways, the call cannot be
traced to the originating site. Also many British universities have
JANET dialups where you can dial-in anonymously and get JANET access.
Almost every university that has JANET access has a dialup
number, there are lots of them, but I'll list a few below.
Heriot-Watt University (in Edinburgh) 0314 495941
Strathclyde University (in Glasgow) 0415 228467
Bath Uni 0225 448898
Durham Uni 0913 742832
Leeds 0532 461514
NOTE: Not all dialups will allow you to call JANET sites by name, or
they may only allow restricted access. The dialup I usually use only
allow 40 or so named servers to be called. However calling them with
there JANET X29 address usually bypasses this. If you don't know the X29
address of a site calling nott.info or on inter telnetting to
info.nott.ac.uk will give you a lookup facility, so you can enter the
site name and it will provide you with its X29 address...
Gateways
--------
There are other ways to get telnet from JANET.... Calling the
NISS service will provide you with a guest telnet prompt. However,
everything going thru here *is* logged. I know this for a fact. Also it
prevents you from calling .uk telnet sites. Although it will permit you
to call some them if you use only the IP number rather than the host
name.
The Birmingham site also provides a guest telnet service (log in
as telgate) but this is undoubtably logged. Part of the JANET
regulations state that all gateways must have the *ability* to log all
data going thru them or not. It would be safe to assume this happens at
bham.acsis
The Birmingham site however has a bug in its software that drops
the user to a telnet prompt when it fails to connect to a gopher site.
The log below is the process of how to get the prompt. All lines
starting with /* and ending with */ are my comments....
To get to JANET from the internet, you can telnet to
acsis.bham.ac.uk and log in as x29gate. Although almost all universities
are internet connected, JANET is still phun to play with :)
/* to call via JANET either use its site name or PAD> address...*/
PAD>call bham.acsis
/* or ...*/
PAD>call n000020060300
/* or you can telnet to acsis.bham.ac.uk */
Calling Name Server
Connecting...
Connected
*******************************************************************************
* *
* W E L C O M E t o T H E *
* U N I V E R S I T Y o f B I R M I N G H A M *
* A C A D E M I C C O M P U T I N G S E R V I C E *
* I N F O R M A T I O N G A T E W A Y *
* *
* acsis - ACSIS System *
* cis - Campus Information Service *
* gopher - Gopher Client *
* jughead - The Birmingham Jughead Server *
* lynx - World-Wide Web Line Mode Browser *
* mosaic - World-Wide Web Window Browser *
* newsread - Gopher News Reader *
* status - Status of ACS Hosts and Networks *
* telgate - Telnet Service for X29 PAD and Gandalf Users *
* veronica - University of Manchester Veronica Server *
* x29gate - X29 Service for Telnet Users *
* *
* Please login using the service name required. No password is needed. *
* Type clear if you need to clear the call to the Information Gateway. *
*******************************************************************************
login: gopher
/* Note the amount of useful stuff on the menu :)) */
Connecting to the Gopher System
at The University of Birmingham, UK.
You will need to specify which Gopher Server you wish to connect to.
[Hit RETURN for the Birmingham Gopher Server; Q to quit.]
Please enter IP Name of Gopher Server:
/* Press [RETURN] for the default server */
Receiving Directory...
Internet Gopher Information Client v1.03
University of Birmingham Academic Computing Service
--> 1. About the Birmingham University Gopher.
2. Campus Information Service at Birmingham University/
3. Usenet News Reader/
4. Other Birmingham Information Sources/
5. UK Gopher Servers/
6. Some World Wide Gopher Servers/
7. Koos Van Den Hout's Interesting Gopher Links/
8. University of Minnesota (World Wide Root Server)/
9. Swedish University Computer Network (European Root Server)/
10. Finding Gopher Resources/
11. Gopher Searching Facilities/
12. Campus Wide Information Servers & Library OPACS/
13. Internet Finger Servers/
14. Other Internet Facilities/
15. All the World's Gopher Servers/
16. School Gophers/
17. BTs Electronic Yellow Pages <TEL>
18. X.500 Gopher Gateway/
Press ? for Help, q to Quit,u to go up a menu
/* At this point choose menu option 14 */
Move To Line:14
Other Internet Facilities
--> 1. Hytelnet Server [Login as hytelnet] <TEL>
2. InterNIC/
3. Internet Chess Server <TEL>
4. NetFind Service <TEL>
5. UK Archie Server <TEL>
6. WAIS Based Information/
7. World-Wide Web [Login as lynx] <TEL>
Press ? for Help, q to Quit,u to go up a menu
/* At this point choose menu option 3 */
Move To Line:3
Warning!!!!!, you are about to leave the Internet
Gopher program and connect to another host.
If you get stuck press the control key and the ] key,
and then type quit
Now connecting to valkyries.andrew.cmu.edu
Press return to connect, q to cancel:
telnet: Unknown host valkyries.andrew.cmu.edu
telnet>
/* Boom, you are dropped to a telnet prompt. */
I have used this for several months with no problems. 90% of the
time it works, sometimes it will hang at the
Press return to connect, q to cancel:
prompt after you have pressed return. But usually waiting a while will
result in a telnet prompt.
0K ? Good, have phun with this and remember. I didn't say traffic
isn't logged through here, it's just less likely to be... But they 'aint
got me yet :-))) Mwuahahahaha
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Notes on Beige Boxing
~~~~~~~~~~~~~~~~~~~~~
I've been messing around with beige boxing and the like recently
so here's just a few notes that might help ya out. The best file/s I have
found on beige boxing were in CoTNO, so check out Field Phreaking I & II
in CoTNO Issue #1 it's excellent.
Beige Boxing off BT Payphones
-----------------------------
Most lines coming out of telephone boxes go underground
(especially the newer steel and glass phoneboxes) however with the older
red phoneboxes the line often leaves as a cable, perhaps leading up a
telegraph pole. This is especially true in small villages and more rural
areas. This is what you want to clip your modified phone onto.
After attaching your phone to the line, it ceases to have the
same restrictions on it as dialing from the payphone would have. For
example, you can call the BT test numbers, such as 174, 176.
I would recommend hanging the payphone up while beiging off its
line, as lifting the reciever causes a nasty buzz on the line. Also the
payphone ceases to function, although you can hear the conversation you
cannot speak thru the payphone handset speaker.
I have built a gold box (a diverter, sometimes called a Cheese
box) which I have yet to try, but I'll report on if it worked probably
in the next issue if I get round to it...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
INWARDLY BOXABLE UK CHATLINE
~~~~~~~~ ~~~~~~~ ~~ ~~~~~~~~
There is a new chatline fer aLL u cuNtz who st!LL dont know, hehe. It
is sited in Trinidad, Jamaica. Here :
[0800 899 843] KP2-59211010-ST
Unfortunately it is *total* crap as there are no real phreaks using it
and u wiLL get kicked off every 10 mins, but weLL its nice 2 know it's
there...
[ N.B. !F w3 caN GeT sUm PhrEAkz 0n iT, tHeN iT w0n'T b3 cRaP !!
s0 AlL y00 UK PhrEaKz - geT b0xIn' AnD taLkinG !! - Harl ]
I wiLL be setting up an InterNet H+P site in the UK in the next month
or so, if u are interested in helping me out then mail
an107853@anon.penet.fi.
Ta.
.sainthalo.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prosecution Security
~~~~~~~~~~~~~~~~~~~~
After talking about the recent busts with various hacks and
phreaks it seems to me that if the police or feds did make a casual
visit to your trusty hard-disk you would be buggered. The only way the
police can prosecute you is if they have *evidence* which most h/p dewdz
leave liberally scattered around there hard-drive and floppies. The
simple answer to this is:
a) Completely destroy unwanted files
b) All dodgy files that are stored must be PGPed with a 1024bit key and
a long pass phrase.
This effectiveley means if your data is visited by the cops, you will
have no trace of anything dodgy and everything else will be PGPed (and
you won't tell them the pass phrase - 'cos you've forgotten it). This
means, when you get some new h/p WaReZ and unpack the archive, shred the
unpacked files afterwards and store the archive as a PGPed file. When I
mean shred I mean completely overwritten (at least 3 times) and the file
renamed to something like XYXYXYX.XYX, then deleted.
To this end I have included a very simple file shredder I
knocked up (for MS-DOS). It only took me 10 mins or so and therefore is
quite basic but will serve its purpose. Any half decent k0der with a
half hour or so should be able to come up with something more effecient
and effective.
I personally use SHRED.EXE that is packaged (or used to be
packaged with) Dr. Solomon's Anti-Virus Toolkit. Norton also do very
good utilities that can shred disks as well as files.
-*- REMEMBER -*-
'If you can't be good be careful
If you can't be careful - develop a liking for bars and 7x4 rooms'
------------------- CUT HERE -----------------
section 1 of uuencode 5.15 of file shred.exe by R.E.M.
begin 644 shred.exe
M35I%`0H````'`(H$1J0U`0`$`````?#_4`````4!4$M,251%($-O<'(N(#$Y
M.3$@4$M705)%($EN8RX@06QL(%)I9VAT<R!297-E<G9E9`#0``T`8@`;`$8$
M1J2X`0!```"(!0``'````````````+BX!;HN`8S;`]@['@(`<QV#ZR#ZCM.\
M``+[@^L9CL-3N<,`,_]7OD@!_/.ER[0)NC8!S2'-($YO="!E;F]U9V@@;65M
M;W)Y)/V,VU.#PRT#VHS-B\*`Y`^Q!(ORT^:+SM'I3DZ+_BOH*]B.Q8[;\Z7\
MCMT'!K\``3/VK96Z$`#K+)"ME;(0ZS6ME;(0ZS:ME;(0ZSNME;(0ZUVME;(0
MZUZME;(0ZU^ME;(0<@BDT>U*=/1S^#/),]O1[4ITQ='3T>U*=,31TX7;=!?1
M[4ITO]'3@/L&<@O1[4IU!*V5LA#1TRZ*CUX!@/D*='0SVX/Y`G0JT>U*=)UR
M(]'M2G2<T=/1[4ITF]'3T>U*=02ME;(0T=.`^P)S%2Z*OVX!K(K85HOW*_/Z
M\R:D^U[K@='M2G4$K96R$-'3@/L(<MO1[4IU!*V5LA#1TX#[%W++T>U*=02M
ME;(0T=.!X]\`AM_KO:P"R(#5`#S_=8);B^N#PQ`SP*R1XPZM`\..P*V7)@$=
MXOGK[*T#P_J.T*V+X/NM`]A3K5".Q8[=,\"+V(O(B]"+Z(OPB_C+`P`""@0%
M````````!@<("0$"```#!`4&```````````'"`D*"PP-```````E4TA2140@
M+2!!(&9I;&4`"2!S:')E9&1E<A)7:&%0`'0@96QS%3\>*&,I(#$``#DY-"!(
M87),95%U:6X@;V8`H"!#:71R;VYI8R]4;R!CX$<)=&%C=!0@;6%!05`@86XQ
M-S<W-$`5H`D5+G!E;F5T+@"<:!A54T%'12`Z("8`?5MZ;F%M95U5B>4Q`*#`
MFGP"S0"_8`,>5YKG!7B!"II[\```Y7:B*[$;8&%@4;)MYU#QL&*D4?*AW0
M=1DJQ@9(`@#)PY#8.T?^N``!%*C_@>P)C;X`_Q:!(BD180EW2`%WBJ)H_W4.
M!PV`/@`Z#@!U!>C/_NM4"[I'#?0!#REM`1C5`D#0``P@3D]4($9/54Z9WM8A
MF0*9PDD)QD;_@W1941ND_OZDG;\7!4`"6II[`%P`7P<F@#TYYZ`I<1R-#G&_
M&`()?>L3OVX&1``IFI2**E1@`8H$A@`'#T%B;W5T('1OH*A0(!8@80<@>122
M`!!U"3\@*'DO3BF3C2"?,@"?@^PR4^]VG0!J`SHW@JT!@@L&@IK`+@\#:P"(
M1M,[>@A(TU":Z7-0*/T'5`,H&SQ9=`/<4.E$`5J-?M06$B2Z`/J#/DH"`!LI
M&S<!TYH)`SJ+``!&[HM6\(E&SHE6T+@!`#'2!0H["']#?`4[$G<\!5"C2HD6
M1@'K"H,&I%T*`8,+`#]=R5H'@J$ABR!413YU0SQUS3]`J%D:7@.C#PY[&T`H
M]61E;&5T941DEC8@<B`.`H`!#$%"0T1%1D=(+DE*2\6'K0[2#@(.D@1(HPP.
MK@00#O^+&@[_$&\X#AL\674C*/'#Q5":$@EN>MOJ^P@.ZM,*`.X,9E4_&`5Z
M!P``%NCM^^B#_`C`=`;H&X"4_>@F_^C-_\D;Z3\**@%5B^SF4!X``,5V#(U^
ML!8'_*P\3W("L$\`@)B1\Z0RP*K%5@:T<AC58""AL?BTX*M$X,'\0%F'Y/
M(`"+Y5W*"F[4/AXD'[1/!:0*'`0`&@1R':``@\<>'@8?1;D``?SRK@`%]M&*
MP4^+]T[]6*H?,S`5P*-*`L,]_'D&0"&LBM@R_P/>/`Y'5A4VB0H0R#+M?T\4
M";@`0U\.0EY><@9@0O?!&`!T)2<[\W0=%5!$JSMT!ZJ*X(`"#G7T@/PZ=,(%
M7'2]L"!17*KKN(O')RO'2$4/:XP(``(!$``>Z"A+`AY7#FQ<Z"(#"9H$`R@.
M7A,/`PP!9WI=R[0/``7HV`4\!W0*/`.HN`,`"@KH5@.A`+0(L.C``!0%BL0D
M?Z)<`J)2`HRBI0!-"%T#7@)`HDP"`("X0`".P+]L`":*!28Z!73[I!0(N?\R
M0!DW``H`D??0,]+W\:-8>`X?($FZ+0&X&R7>P[HS0"+")H`FAP#^;P8\!(`"
MA0-0M&Y9!5@*0`'D="VX$A&S#4P%N#`1%*"W`+(*0@6`^BIU%E05,@XR1`.Y
M`)``!N@N!;02LR#H)P7#>!6W(050+!9#L4`!``K2=0BR&,=W`K$!BE``\HK4
M_LI=@/X8=@*T`0"`HU`"B19:`H@.3P+&!DX"`8`$GE025@+#4`"A'KAM`8[8
M@#Y,JJ"6!1W?`1]8SPJF#P@`=0'#$`"BJC_-%K!,```&Z_2P7N@=`[!#Z!@#
MZ`X`%`/-(XO<-HM'!.@C^FX65/^@*,HPHB@5BE<*!'<(!`J`3P8$;P0ZT7<G
M.O5W(P*@DG@?_LYX&_[).@X`I8YW$_[-.BY;"`M2E8J.#H[T`T"AS.P&BCXH
MB4J+#A6+H^@Y!"K`!POH)@/+Z!L#RP0=RHH;'@3+N!1@`0?K%@$&4.C^`EA*
M)AN*.(KN.CI`[>YU`C+`Z/DYDZ0DBW<$@P)-<I)"%SH@=Q&-`C95014."3HV
M5P[3PT$*`M?HMC_"*D4I!B7^P'&J#&7.Q@Q5#$0"H.RH\'0$)`\,@(`F\!=J
M<`@&\1HD,-T'L032X!B/$XH8#/?+@`X&",L#$QY%BU>P2`0+TG040C/_L!0Y
MZ5C*!DB%`$IU]C2[@4MU_2`F5.'UPRU?```$N-TTNA(`.]-S&O?SB]CD``!A
MJ`-U"`P#YF&PMN9#BL/F5!9"BL<$.1DD503\%6X^70P`N@BTL`!T`K!5)`%Z
M$<8&%0I0B<!U$C+D%P@*B"9"$!$*Y'6!Z!,)*/Z5'C;%?P3'11`%"M<%!(``
MC84$B44H``R,70X/$%P#C$T2QD4$;C``'QTK`$"XE`.[<@2+RX%]`K'7=`I"
M*3JRU[A!$=@V!044+A:)71@&&HE-A1D<!AXSP#@:"@DY)HM55`$$2DH&H";$
M?0PS&P#;F`[H7/^Y`0`\"'0``#0\$W0P/`1T1$D\&W0G/`$``'0C/`9T-SP:
M=$8\#71//"```'+/.]ITRR:(`4/HF``[WG8``,"+\^N\"]MTN+`(Z(<`L""J
M`.B"!0I]`$OBZNL%$J0@=*`FB@$VF>@`@FH`0^+OZY&`/DTF`.6*0>L*Z$X`
M)L<!#62I"D-#F:4FNBHVE;@*7>4V54K$Y*=-$BDQ2P3C&:T\3D``6`NOZ!P`
MJ`!'XO?K`^B<`.C6_#K<*#$%L`WH(A!$L`I345*,<@!8B)3E*M4M`#"\,SP*
M=#6T"8H>4@(R`8/L4NAE`5K^P@@"A'8@BI#K%[0.Z*@"40'K$Q,-=`W^RG8I
MZPD790AE`(,M``=:65O#_L90P:9V&/[.8O`F"@,C%D]9PPH2M`-=Z0P!M&3I
M!085`1YAV!Y0(%,`'XO:B_>YD2&:R9$LC94Y1XUB@CSH;V6@_T,J<2SH8P!?
M!XX*;,,`4^L<Z%0`DXD"$Y,/Z$<H>/_K!TQ5Z#\`+4=6X)1:XJ;H,0!LB0!0
M;(K&]B9*`#+V`\*+R`5%?$RP#N[K%<5"8BH&2K`/#,$,H``?PSOW=&-G5QX&
MB\\K!9;.3$\"BC9280-4V(K'0?\#P]'@,@&+^+I%@\(&N`"X``"`/DD`!W4"
MM+`&'X[`_`K;PH%T%E;LJ`%U^_H$``9T^XO#J_OB[.L&BN=``*RKXOP''U\3
M5E<`S54&S1`'75]>PP"%`B"Z\=J,!C@``%`S[8O$!1,`L033Z(S2`$JRHPH`
MHPP``P8$!PXIA0,8`QP#)``FH@""`@#;(`#'!BH`$`ZI`(P.+$@$ONX*``&Y
M.I#\+JRT-<TAB1V`88Q%`H/'!.+O0L/RW\(H4_*ZY@@C"*Z9R@@D"-<(/W#A
M"KA*9)%0`KCJ*"I0#N@$!NAP_+Q3D@`4\`$(%@1A`LM7>_L``(/$!EB#YQ^!
MQY8`@/PY<P.@`+___U>T5$B+[(!.%@$`D%A;65I>7UT?!\^XT`!A`"L,R`!9
M6^L'N(4-_^#),]OM^Z,R````B\$+PW0?H1``"\!T$8[`%``F.QX+=`8FH10`
MZ^V,*%##*QXX/NL0B0XT0$GL'C8`Q!XNZL`QX443*@NC,,F"`SS.EU`&4\M=
MSL"A%;6B`0D,`@01)1YR@,45YQ#PH:(`4`L&4'0INP$"Z)0B*@"AB.@#NQ"L
M"KH,%^A`4$4`L#KH50LFZ#45DQ=2Z`<CM$R"$3\NB@<*"TC6ET/K\\.Q9!I"
M`+$*8>L$,N3V\20H!#!00EB*Q,-0!$H8Z`$*4'SHB@+H`PDD#QP\.G("H``$
M!XK0M`9(PP`"&R$C```D-#4V-S@Y.CL\/3X_=5)U1`9N=&DK97)R;X@&<B``
M('T`+@U4`0H`4`X8;VYS($-`'6]P>7)I9V@8#5"..#,L.3$@0B(#'VQI,\"'
M!CRH"`#+@SX%%``CRZ$'Z8[^B_0VCD0"@$(F.U4"?P=\%`@%<@^B"@T&?`@/
M"$4$1:%W*+C)*&;^!0!`CW(-*\1S"??8.P8Z`'(JAAC*&$[^`4)8Q'\(-L5W
M!*&04ZNXL-<$@`"K!9(+`8U%=*N,%*L#DB`'R!.Y#@#SJY)(Q79?$L5('V&I
M.;@*$4*2I93.!`@&"`RA/`C:10Y*).1%"M9`P;JQU^L(NK(%`[JSUV,(G44"
M/:-0SA(]%W0-/4@@@G00Q^EF`.LD4@829C<E`%I#O43B1[L0'%RO1#Y,.3FP
MA=\L<H>;3QP8:2H(40A,9R`H!!A0NQ0W%0!84/3>#+L<"PH``$`J!&<")O\9
M!7&B`W!?!\,YX&\SR8D-N``]!%E2#;`"_P4+@`*X=`*T/(!],(,)C54P@.3-
M(7)/B06XARV+V40I*BF+'39$&0#8N-P$B\B,R_;"@'41@+TY=0/H)@"XMRO\
M<KRW4/A-&(E=&A$<_`2<++DSTB5'D0$"H2V``(/:`*5@<S;`%8O*B]`FI5X7
MC948N8H2`PZT/PUS&9`I,]L[V'0@@`H0%!K(0^ORB],KT/F>'48$#T^T0)F`
M\/,$)L55#&OPS6]!<A!`H%MI(L^'UH)4]`H*"NON`3`B_$0FAYV$XDER!RO!
M:+AE"]V@"R4"^3C/VQW`F8/[!'8&M#X:!QT9SPB@)+9U#2)=.U7##0K[PR@1
MNVB"ZT10?@53^*HHN_Q&*.@]3P5TT!1U[+`:^<,!0-TOL@!`!$!I1TA`>40W
ME@%`458>1G">=PB`#_I=%$$=^XX*`D4?7@X66<-9*>A`1%'_=13H</\:@*(-
M0SP-=?3H9`P*=3)#73=,?3%+77.5""YC+@J`6YV`_[`*Z'O_)!&_*@$DT":,
M?(-]&O7:[LL-D1B1#O``?-7^=0[H]/YR4FQN7<O_Z_0?J0`*'_8?$XM.!DE^
M$8$'D`W_XOF*1G+?;05V2@)S'BL,*XO^Q78("1&Y:Q7HI/XDH)$.T`I#04:(
M!#N`,T%UZROQB`PWJJ[B!@$XDV0"8R4Z9ORL,N0KE23(%6NB_FM$A6C_$(O(
MXV0'X^B2$`$^_(O<C(]RVF*LJBAY-X[:D):$&A8*'@8VBT\"NAXZP78"BL$`
M)`J'U#:*!5]?DC(1##8(BK`$D#8&"\E_$0$#V@/Q*\%R$[-`0$@2?0(SR3M!
M4$T&B\'K9:IMO9I/"`2-%`!6#6BL)@`%<P@FQ@4%Z/]Y]M`#^4>*R`#FF9\>
M:($`!2OC*4>L/`%R(Q.L\JZ00'4<3^L?]-$KT'(10H)*8:9T#BO(A4(4`$IU
M\'3K""OXB\<V*T?^NP0?>$U($G.*)6<ZS.W,"B1XR70&[J9U`CK$!S"C$+`!
MJHH(VZJO-(BU"D$&[%UDT(C9FXT",2^-Q@@'#E"+1B(0!D@>T/[=,*A`TBT(
M_R'^(?\Z56S_)!2W%K'^!.[^%`AB]`QO_EZ*=PQ4@WY??D-NT@=:"%IV_E,Y
M`5$4`W%0I?-57%695;0=$1E6"`40OU<$@\(PM$'!X*-SV\%CE/`-(@;-D2(#
M7<56"LF4,QRT5C8%((8VZQ0>C78S1(EE@\<P,JK*F5?Z'V:(BD^+5@;E!>A)
MJC`I:YS1(#RY`'(ECI("=B8%+``S_Z,7_#@'!H48\J[K]$,#B_<8"D8,D?8Q
M%-!35@AB"/RJH`J+O`*#P,3XD\L\OX``(H@%1S/;XPD%44(@=P/JM(P[#78!
M.`W'*\9T!$-*==[#&@"8/&%R!CQZ=P(LV4L@3`X!AP#O#2$!!$C_7```E@"@
M`*4`M@"[`,``T0#6`-L`Y0#J`/L```$%`0\!%`$E`2H!+P$Y`3X!E0&F`;,!
MR0'.`=\!Y`'I`?H!_P$$`@X"$P(N`E(":P)W`GP"@0*2`LT"X0+M`OD"_@(#
M`P@#&0,A`R8#*P,T`TP#8`-E`Z,#J`.M`_P#`00&!%4$6@1?!'H$?P2)!(X$
MVP3O!/L$!P4,!1$%%@4G!2\%-`4Y!4(%505:!60%:05S!7@%A`6+!9`%F@6U
<!0-K`!<`*@`P`0/-``$`[@",!0"X`0!```"(!0"(
`
end
sum -r/size 12744/6826 section (from "begin" to "end")
sum -r/size 65037/4933 entire input file
------------------- CUT HERE -----------------
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Hacking Answering Machines
~~~~~~~~~~~~~~~~~~~~~~~~~~
Ring
Ring
Click
"Hi, unfortunately I can't come to the phone right now. So, don't be
scared and leave a message after the tone with your name and number and
I'll call you back. Thanks !!"
Bip
Bip
Beeeeeep
[11]
[12]
[13]
[14]
Beep Beep Beep
[8]
"ermm, oh, Hi Jamie, just calling to remind you about mum's birthday.
See you Thursday"
Beep.
"Hello Jamie, its Nichola here, d'ya wanna catch a movie monday ? Gimme
a call when you get back, bye"
Beep.
"I got the couple of ounces you wanted. I've left them in your toolbox
round the back. By the way, if you still want that stereo drop me a
line. See ya round"
Boom. Paydirt !!
Just about all the answering machines you can buy these days are
'remote controllable'. That is by use of DTMF tones you can playback
messages left on the machine, delete messages, record memos and in some
cases even re-record the OGM (out going message).
Answering machines are rediculously easy to hack. To show just
how easy I quote from the Dialatron Designer 2500M manual:-
"When you first install and set up your Designer 2500M, its security
code is set to 12; you have a choice of five codes - 11,12,13,14 or 15."
FIVE CODES ?!?!?!?!?! I nearly died laughing.
Accessing the machine
---------------------
I have never come across an answering machine with more than a
two digit code. This is the main security shortfall of common answering
machines. To 'access' the answering machine the code must be entered
either: a) While the OGM (the welcome message) is being played or b)
During the period when the caller is supposed to leave their message.
Personally I always try codes in this order:
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 22, 33, 44, 55, 66, 77, 88, 99, 00
Why ? Well most codes are still set as the default often only
one digit. So running thru 11 - 20 goes thru all the single digit kodez
as well as some common defaults. Also 11,22, 33 etc are also very
common. 90% of the time this well get you the all important 'beeeep' to
tell you you have access. If this still fails to work try the usual
common numbers e.g. 10, 20, 30 etc etc
Getting BlueBeep, BlueDial or another dialler to do the work is
usally a good idea. But don't set the DTMF tone duration too short, as
the answering machine may not recognise it, 70ms is usually sufficient.
If you have physical access to a machine this is even better.
There is always a way to get the current 'security' code. On the
Dialtron Designer 2500M simply hold down the STOP button for 2 seconds,
on the BT Response 400 press the CODE key and then either FF or REW.
These two methods are pretty standard. It works for most answering
machines. The best way is to get hold of the manual, and the best way to
do that is go to your local answering machine supplier and say "I have
lost the manual to my S00perAnswer 8000" at which point the rep will
either give you a manual or an address to get one.
0K? You have access the next thing to do is to mess with it !
Below are the tones for controlling the BT Response 400 and the
Dialatron Designer 2500M as these work for 90% of answering machine si
have found....
Dialtron Designer 2500M
-----------------------
22 Clear Messages (press key twice)
3 Record Memo
4 Rewind (during message playback)
5 Stop
6 Fast Forward (during message playback)
7 Answer On
8 Play
99 Answer Off (press key twice)
If you have any problems call the Dialatron help line !
081 903 5224 9.00am to 5.00pm Mon to Fri
BT Response 400
---------------
0 - Stop current operation/Remote switch off
1 - Rewind
2 - Play/Pause messages
3 - Fast Forward
4 - Save
5 - Erase
6 - Reset a message or memo
7 - Stop/Start announcement recording
8 - Stop/Start memo recording
9 - Play/Pause memo
# - Start remote interrogation
* - Announcement skip
Dangers
-------
Make sure the answering machine you are calling is capable of
remote operation, or is switched into 'Remote' mode. This is usually a
risk you have to take. If you came home, checked your ansafone to hear a
couple of messages which were nothing but tones most people with half a
brain will guess that some-one is trying to remotely hack their machine !
Make sure that no-one is in when you try you hack an ansafone.
A lot of people too lazy to answer the phone simply let the answer
machine get the call. Which means they will be happily sitting in their
armchair watching TV when they hear their answering machine go thru all
the left messages and have the welcome message changed to "I am sorry I
am out having assorted continental vegetables inserted into my rectum.
Please leave a message after the tone."
Finally
-------
Hacking answering machines is *very* easy and has limited uses,
but its a laugh and you can come across a few little nuggets of
information. It is also completely anonymous, and unless you change
something you can listen to left messages undetected ! If you are really
serious about intruding on a target machine. Find out what make/model it
is and get the manual.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Dah Last Bit
~~~~~~~~~~~~
For the next issue we'd kinda like submissions on the following
subjects:-
Cellular Hacking/Phreaking
Comment/Opinion
Hacking
Phreaking
Interesting ways of Imbibing Dope
Things that go KaBoom!
Amusing Pranks/Gags
kEwL Koding trix
Errmmmm, same as last time really !
You know what we're after, anything will be considered (and probably
published) so get tapping.
I have been using two FTP sites recently that you may find interesting...
corrupt.sekurity.com
H/P WaReZ in yEr face - h/p stuff and more
hyperreal.com
THE psychdelic server, has info on everything from smartdrugs to dope to
psychedelics also rave info and some WeIrD visual madness !!
also a bot on IRC called lamerbot usually on the #virus channel has
loads of hack/phreak/virus stuff on it aswell as
anti-feds-good-ole-in-yer-face-underground-rebellion type stuff so check
it out !! Especially a demo for the PC called TIMELESS.ZIP on there
somewhere (can't remember where exactly in some /demo directory). The
usual /msg lamerbot help gets you started.
Drop us a line. Even if ya just wanna say Hi or ask a question. As you
may of guessed we're not the sort of ppl who flame others because of our
elitist fantasies. H/P is about communicating ! (and writing articles
for CiTR0NiC !!!)
In case you are terminally stupid our e-mail address is once again...
an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi
an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi
an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi
[EOF]